MinIO Authentication and Authorization Using OpenID and Keycloak

  Рет қаралды 2,855

MinIO

MinIO

Күн бұрын

In this video you will learn how to set up an OpenID service, Keycloak, to provide authentication and authorization as part of a MinIO deployment
Documentation referenced in this video:
min.io/docs/minio/linux/admin...
min.io/docs/minio/linux/admin...
min.io/docs/minio/linux/opera...
MinIO is an open-source object storage server released under the GNU AGPL v3 license. It's compatible with Amazon S3, making it a great choice for deploying your storage infrastructure on Kubernetes.
Connect with us:
Website: min.io/
LinkedIn: / minio-inc-
Twitter: / minio
Docs: min.io/docs/minio/kubernetes/...
Slack: minio.slack.com/
#ObjectStorage #MultiCloud #CloudNative #Kubernetes #ObjectStore

Пікірлер: 21
@vaibhavtripathi8378
@vaibhavtripathi8378 2 ай бұрын
@MinIO Great! Here, you have explained the login in minIO console through Keycloak. What if I have a service/system which generates the token through Keycloak confidential client and then use the token to access the minIO bucket based on policy. How can we do that? thanks in advance!!
@MINIO
@MINIO 2 ай бұрын
I believe this documentation can help: min.io/docs/minio/linux/developers/security-token-service.html
@BlackGloves31
@BlackGloves31 11 ай бұрын
Thank you for this awesome showcase. While I was successful in setting up a Minio / Keycloak Integration, I'm unable to setup the "Backchannel Logout" so that when a session is closed in Keycloak, it should log you out from Minio. Is it possible ?
@MINIO
@MINIO 11 ай бұрын
I believe what you're looking for is the Keycloak admin URL setting: min.io/docs/minio/linux/reference/minio-mc-admin/mc-admin-config.html#mc-conf.identity_openid.keycloak_admin_url
@dron6g645
@dron6g645 Ай бұрын
Hi! Please tell me, is it possible to connect minIO to ADFS? I can't find the instructions on google. I watched your videos on setting up with Keycloak. Tell me, is there any way to connect to ADFS at all, or does it make no sense for me to try to do something in this direction?
@MINIO
@MINIO Ай бұрын
ADFS does have OpenID features, you need to make sure you're sending back a properly formed JWT that includes a policy claim.
@personcunha
@personcunha 11 ай бұрын
Great 🎉 What about Nomad Orchestrator?
@MINIO
@MINIO 11 ай бұрын
Many of these settings can also be done via environment variables, if that helps your orchestration efforts. min.io/docs/minio/linux/operations/external-iam/configure-openid-external-identity-management.html
@maciejk7689
@maciejk7689 11 ай бұрын
Greate ... but how it work with detach minio console ( ui ).... connected to minio cluster
@MINIO
@MINIO 11 ай бұрын
With a detached MinIO Console, you're running a specific user, console, to attach to your cluster. Are you looking to serve the console user credentials from OpenID? Or just auth other users? All the user management is still done via the MinIO server, not Console.
@maciejk7689
@maciejk7689 11 ай бұрын
@@MINIO i known this all... :) But it' s has sone problem with API admin config....
@MINIO
@MINIO 11 ай бұрын
Unfortunately, I can't really diagnose this without knowing more details about your setup. Have you considered reaching out to our support on Subnet?
@maciejk7689
@maciejk7689 11 ай бұрын
@@MINIO i will try
@halllo54321
@halllo54321 17 күн бұрын
Does IT Work with entra i don't find the entry for Policy attributr
@MINIO
@MINIO 17 күн бұрын
So, you can set the policy attribute to whatever name your OpenID is using. MinIO just defaults to looking in the JWT for an attribute named "policy" that has a list of policy names that match policies in MinIO.
@halllo54321
@halllo54321 17 күн бұрын
But we don't Talk ablut Claims? iam a bit confused with Claims and policys in this context. I have a group Claim and in my Policy i have a conditional which Checks the jwt:groups variable
@MINIO
@MINIO 15 күн бұрын
That's not how MinIO expects to assign policies. MinIO is looking for an attribute in the JWT that explicitly names a policy that MinIO manages. You *could* change the attribute name that MinIO looks for, such as telling it to look for "group", but the value of the group variable should still be a named policy in MinIO.
@halllo54321
@halllo54321 15 күн бұрын
Ah i understand so the value from the group Claim in the jwt have to be the Same as the Policy Name in minio.
@MINIO
@MINIO 15 күн бұрын
Correct. Just be sure to tell MinIO to look for "group" rather than the default "policy" in the JWT.
keycloak cluster on kubernetes with ssl and local DB !
58:38
keycloak cluster on kubernetes with ssl and local DB !
computeriseasy
Рет қаралды 12 М.
#Keycloak DevDay 2024: What's next in Keycloak (Alexander Schwartz, Red Hat)
35:21
#Keycloak DevDay 2024: What's next in Keycloak (Alexander Schwartz, Red Hat)
Niko Köbler (@dasniko) - Keycloak Expert
Рет қаралды 1,8 М.
Cách đi bóng dính chân như Messi! #actionc #short #football #footballshorts
00:14
Cách đi bóng dính chân như Messi! #actionc #short #football #footballshorts
Action C Mini
Рет қаралды 132 МЛН
Когда твоя МАМА следит за твоим боем, ты просто НЕ ИМЕЕШЬ ПРАВА проиграть #shorts
01:00
Когда твоя МАМА следит за твоим боем, ты просто НЕ ИМЕЕШЬ ПРАВА проиграть #shorts
BalcevMMA_BOXING
Рет қаралды 21 МЛН
Can You Draw A PERFECTLY Dotted Line?
00:55
Can You Draw A PERFECTLY Dotted Line?
Stokes Twins
Рет қаралды 106 МЛН
КАРМАНЧИК 2 СЕЗОН 7 СЕРИЯ ФИНАЛ
21:37
КАРМАНЧИК 2 СЕЗОН 7 СЕРИЯ ФИНАЛ
Inter Production
Рет қаралды 533 М.
MinIO Identity and Access Management: Part 1 - Overview And Modification of Built In Policies
10:00
MinIO Identity and Access Management: Part 1 - Overview And Modification of Built In Policies
MinIO
Рет қаралды 2,5 М.
Managing Access to Kubernetes with Keycloak
13:43
Managing Access to Kubernetes with Keycloak
Engineering with Morris
Рет қаралды 3,1 М.
Hướng dẫn Docker cơ bản
16:14
Hướng dẫn Docker cơ bản
Sơn Quách
Рет қаралды 50
Installing and Running MinIO on Linux - Session 2: Running MinIO on Linux
8:11
Installing and Running MinIO on Linux - Session 2: Running MinIO on Linux
MinIO
Рет қаралды 10 М.
Bilding an effective identity and access management architecture with Keycloak
52:11
Bilding an effective identity and access management architecture with Keycloak
Devoxx
Рет қаралды 52 М.
MinIO Identity and Access Management: Part 4 - Lab - Setting Up Users, Groups, and Policies
9:25
MinIO Identity and Access Management: Part 4 - Lab - Setting Up Users, Groups, and Policies
MinIO
Рет қаралды 2,3 М.
minio+keycloak SSO
5:45
minio+keycloak SSO
Nikolay Sibul
Рет қаралды 1,7 М.
Keycloak: Webauthn Passwordless Authentication
10:15
Keycloak: Webauthn Passwordless Authentication
Łukasz Budnik
Рет қаралды 20 М.
An Illustrated Guide to OAuth and OpenID Connect
16:36
An Illustrated Guide to OAuth and OpenID Connect
OktaDev
Рет қаралды 564 М.
Simple maintenance. #leddisplay #ledscreen #ledwall #ledmodule #ledinstallation
0:19
Simple maintenance. #leddisplay #ledscreen #ledwall #ledmodule #ledinstallation
LED Screen Factory-EagerLED
Рет қаралды 29 МЛН
Мой инст: denkiselef. Как забрать телефон через экран.
0:54
Мой инст: denkiselef. Как забрать телефон через экран.
Денис Киселев
Рет қаралды 2,1 МЛН
Как слушать музыку с помощью чека?
0:36
Как слушать музыку с помощью чека?
SuperCrastan
Рет қаралды 785 М.
Какой ноутбук взять для бабушки? #msi #rtx4090 #laptop #юмор #игровой #apple #shorts
0:14
Какой ноутбук взять для бабушки? #msi #rtx4090 #laptop #юмор #игровой #apple #shorts
Buy Smart┃Магазин ноутбуков
Рет қаралды 1,7 МЛН
$1 vs $100,000 Slow Motion Camera!
0:44
$1 vs $100,000 Slow Motion Camera!
Hafu Go
Рет қаралды 8 МЛН
No fear of others peeping anymore☺️ #phoneaccessories #screenprotector #ezglaz #privacyfilm #fyp
0:22
No fear of others peeping anymore☺️ #phoneaccessories #screenprotector #ezglaz #privacyfilm #fyp
EZ-TECHZ
Рет қаралды 41 МЛН
Trik di archiviazione fantastico! 🤩 Supporto intelligente per telefono #gadget
0:41
Trik di archiviazione fantastico! 🤩 Supporto intelligente per telefono #gadget
JOON Italian
Рет қаралды 2 МЛН