// target of logger webhook configuration
	result.LoggerWebhookCfgUpdated = setLoggerWebhookSubnetProxy(result.SubSys, result.Cfg)

	// Update the actual server config on disk.
	if err = saveServerConfig(ctx, objectAPI, result.Cfg); err != nil {
		return
	}

	// Write the config input KV to history.
	err = saveServerConfigHistory(ctx, objectAPI, kvBytes)
	return
}

export MINIO_ROOT_PASSWORD=minio123
export MINIO_IDENTITY_OPENID_CONFIG_URL=http://localhost:8080/auth/realms/demo/.well-known/openid-configuration
export MINIO_IDENTITY_OPENID_CLIENT_ID="843351d4-1080-11ea-aa20-271ecba3924a"
minio server /mnt/export
```

Testing with an example
> Obtaining client ID and secrets follow [Keycloak configuring documentation](https://github.com/minio/minio/blob/master/docs/sts/keycloak.md)

```

          imagePullPolicy: {{ .Values.image.pullPolicy }}
          command:
            - "/bin/sh"
            - "-ce"
            - "/usr/bin/docker-entrypoint.sh minio server {{ $bucketRoot }} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template "minio.extraArgs" . }}"
          volumeMounts:
            - name: minio-user

type Type interface {
	fmt.Stringer

	IsRequested(http.Header) bool
	IsEncrypted(map[string]string) bool
}

// IsRequested returns true and the SSE Type if the HTTP headers
// indicate that some form server-side encryption is requested.
//
// If no SSE headers are present then IsRequested returns false
// and no Type.
func IsRequested(h http.Header) (Type, bool) {
	switch {
	case S3.IsRequested(h):
		return S3, true

			want: ARN{
				Partition:    "minio",
				Service:      "iam",
				Region:       "us-east-1",
				ResourceType: "role",
				ResourceID:   "-my-role",
			},
			wantErr: false,
		},
		{
			name: "empty server region must succeed",
			args: args{
				resourceID:   "my-role",
				serverRegion: "",
			},
			want: ARN{
				Partition:    "minio",
				Service:      "iam",
				Region:       "",

* Il existe une extension du protocole TLS (celui qui gère le cryptage au niveau TCP, avant HTTP) appelée <a
  href="https://fr.wikipedia.org/wiki/Server_Name_Indication" class="external-link" target="_blank"><abbr
  title="Server Name Indication (indication du nom du serveur)">SNI (indication du nom du serveur)</abbr></a>.

It is not very popular or used nowadays.

OAuth2 doesn't specify how to encrypt the communication, it expects you to have your application served with HTTPS.

/// tip

In the section about **deployment** you will see how to set up HTTPS for free, using Traefik and Let's Encrypt.

///

## OpenID Connect

#    -X prop       set non-standard JAVA system property
#   --prop=val
#   --prop val     set fess property (i.e.  -Des.<prop>=<val>)

CDPATH=""
SCRIPT="$0"

# SCRIPT may be an arbitrarily deep series of symlinks. Loop until we have the concrete path.
while [ -h "$SCRIPT" ] ; do
  ls=`ls -ld "$SCRIPT"`
  # Drop everything prior to ->
  link=`expr "$ls" : '.*-> \(.*\)$'`
  if expr "$link" : '/.*' > /dev/null; then

# This should fail
C|/foo/bar  s:file p:/C:/foo/bar

# This should fail
/C|\\foo\\bar  s:file p:/C:/foo/bar
//C|/foo/bar  s:file p:/C:/foo/bar
//server/file  s:file h:server p:/file
\\\\server\\file  s:file h:server p:/file
/\\server/file  s:file h:server p:/file
file:///foo/bar.txt  s:file p:/foo/bar.txt
file:///home/me  s:file p:/home/me
//  s:file p:/
///  s:file p:/
///test  s:file p:/test

 * Peer certificate chain:
 *     sha256/afwiKY3RxoMmLkuRW1l7QsPZTJPwDS2pdDROQjXw8ig=: CN=publicobject.com, OU=PositiveSSL
 *     sha256/klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=: CN=COMODO RSA Secure Server CA
 *     sha256/grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=: CN=COMODO RSA Certification Authority
 *     sha256/lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=: CN=AddTrust External CA Root