logger.GetReqInfo(ctx).SetTags("peerAddress", nerr.Host.String())
				iamLogIf(ctx, nerr.Err)
			}
		}
	}
}

// SetTempUser - set temporary user credentials, these credentials have an
// expiry. The permissions for these STS credentials is determined in one of the
// following ways:
//
// - RoleARN - if a role-arn is specified in the request, the STS credential's
// policy is the role's policy.
//

			// Just return the first error.
			return err
		}
		d.Policy = doc.Policy
		return nil
	}
	*d = doc
	return nil
}

// key options
type options struct {
	ttl int64 // expiry in seconds
}

type iamWatchEvent struct {
	isCreated bool // !isCreated implies a delete event.
	keyPath   string
}

// iamCache contains in-memory cache of IAM data.
type iamCache struct {

	contentReader, err := s.adm.ExportIAM(ctx)
	if err != nil {
		c.Fatalf("export %d: Unable to export IAM: %v", caseNum, err)
	}
	defer contentReader.Close()

	expContent, err := io.ReadAll(contentReader)
	if err != nil {
		c.Fatalf("export %d: Unable to read exported content: %v", caseNum, err)
	}

	return expContent
}

type dummyCloser struct {
	io.Reader
}

transition_workers              (number)    set the number of transition workers (default: '100')
stale_uploads_expiry            (duration)  set to expire stale multipart uploads older than this values (default: '24h')
stale_uploads_cleanup_interval  (duration)  set to change intervals when stale multipart uploads are expired (default: '6h')

#### KeyCloak

```
export MINIO_ROOT_USER=minio
export MINIO_ROOT_PASSWORD=minio123
export MINIO_IDENTITY_OPENID_CONFIG_URL=http://localhost:8080/auth/realms/demo/.well-known/openid-configuration
export MINIO_IDENTITY_OPENID_CLIENT_ID="843351d4-1080-11ea-aa20-271ecba3924a"
minio server /mnt/data
```

#### Casdoor

```
export MINIO_ROOT_USER=minio
export MINIO_ROOT_PASSWORD=minio123

- Added two client certificate metrics for exec auth:
    - `rest_client_certificate_expiration_seconds` a gauge reporting the lifetime of the current client certificate. Reports the time of expiry in seconds since January 1, 1970 UTC.

        PrincipalName principalName = convertPrincipal(principal);
        KrbAsReqBuilder builder = new KrbAsReqBuilder(principalName, password != null ? password.toCharArray() : new char[0]);

        if ( expire != null ) {
            System.out.println("Request expires " + expire);
            KerberosTime till = new KerberosTime(expire);

  /**
   * Returns the time that this cookie expires, in the same format as [System.currentTimeMillis].
   * This is December 31, 9999 if the cookie is not [persistent], in which case it will expire at the
   * end of the current session.
   *
   * This may return a value less than the current time, in which case the cookie is already
   * expired. Webservers may return expired cookies as a mechanism to delete previously set cookies

yanggang <******@****.***> 1667923082 +0800

		},
		// (3) Should give an expired request if it has expired.
		{
			queryParams: map[string]string{
				"Expires":        "60",
				"Signature":      "badsignature",
				"AWSAccessKeyId": accessKey,
			},
			expected: ErrExpiredPresignRequest,
		},
		// (4) Should error when the signature does not match.
		{
			queryParams: map[string]string{
				"Expires":        fmt.Sprintf("%d", now.Unix()+60),