MinIO Authentication and Authorization Using OpenID and Keycloak

  Рет қаралды 2,855

MinIO

MinIO

Күн бұрын

In this video you will learn how to set up an OpenID service, Keycloak, to provide authentication and authorization as part of a MinIO deployment
Documentation referenced in this video:
min.io/docs/minio/linux/admin...
min.io/docs/minio/linux/admin...
min.io/docs/minio/linux/opera...
MinIO is an open-source object storage server released under the GNU AGPL v3 license. It's compatible with Amazon S3, making it a great choice for deploying your storage infrastructure on Kubernetes.
Connect with us:
Website: min.io/
LinkedIn: / minio-inc-
Twitter: / minio
Docs: min.io/docs/minio/kubernetes/...
Slack: minio.slack.com/
#ObjectStorage #MultiCloud #CloudNative #Kubernetes #ObjectStore

Пікірлер: 21
@vaibhavtripathi8378
@vaibhavtripathi8378 2 ай бұрын
@MinIO Great! Here, you have explained the login in minIO console through Keycloak. What if I have a service/system which generates the token through Keycloak confidential client and then use the token to access the minIO bucket based on policy. How can we do that? thanks in advance!!
@MINIO
@MINIO 2 ай бұрын
I believe this documentation can help: min.io/docs/minio/linux/developers/security-token-service.html
@BlackGloves31
@BlackGloves31 11 ай бұрын
Thank you for this awesome showcase. While I was successful in setting up a Minio / Keycloak Integration, I'm unable to setup the "Backchannel Logout" so that when a session is closed in Keycloak, it should log you out from Minio. Is it possible ?
@MINIO
@MINIO 11 ай бұрын
I believe what you're looking for is the Keycloak admin URL setting: min.io/docs/minio/linux/reference/minio-mc-admin/mc-admin-config.html#mc-conf.identity_openid.keycloak_admin_url
@dron6g645
@dron6g645 Ай бұрын
Hi! Please tell me, is it possible to connect minIO to ADFS? I can't find the instructions on google. I watched your videos on setting up with Keycloak. Tell me, is there any way to connect to ADFS at all, or does it make no sense for me to try to do something in this direction?
@MINIO
@MINIO Ай бұрын
ADFS does have OpenID features, you need to make sure you're sending back a properly formed JWT that includes a policy claim.
@personcunha
@personcunha 11 ай бұрын
Great 🎉 What about Nomad Orchestrator?
@MINIO
@MINIO 11 ай бұрын
Many of these settings can also be done via environment variables, if that helps your orchestration efforts. min.io/docs/minio/linux/operations/external-iam/configure-openid-external-identity-management.html
@maciejk7689
@maciejk7689 11 ай бұрын
Greate ... but how it work with detach minio console ( ui ).... connected to minio cluster
@MINIO
@MINIO 11 ай бұрын
With a detached MinIO Console, you're running a specific user, console, to attach to your cluster. Are you looking to serve the console user credentials from OpenID? Or just auth other users? All the user management is still done via the MinIO server, not Console.
@maciejk7689
@maciejk7689 11 ай бұрын
@@MINIO i known this all... :) But it' s has sone problem with API admin config....
@MINIO
@MINIO 11 ай бұрын
Unfortunately, I can't really diagnose this without knowing more details about your setup. Have you considered reaching out to our support on Subnet?
@maciejk7689
@maciejk7689 11 ай бұрын
@@MINIO i will try
@halllo54321
@halllo54321 17 күн бұрын
Does IT Work with entra i don't find the entry for Policy attributr
@MINIO
@MINIO 17 күн бұрын
So, you can set the policy attribute to whatever name your OpenID is using. MinIO just defaults to looking in the JWT for an attribute named "policy" that has a list of policy names that match policies in MinIO.
@halllo54321
@halllo54321 17 күн бұрын
But we don't Talk ablut Claims? iam a bit confused with Claims and policys in this context. I have a group Claim and in my Policy i have a conditional which Checks the jwt:groups variable
@MINIO
@MINIO 15 күн бұрын
That's not how MinIO expects to assign policies. MinIO is looking for an attribute in the JWT that explicitly names a policy that MinIO manages. You *could* change the attribute name that MinIO looks for, such as telling it to look for "group", but the value of the group variable should still be a named policy in MinIO.
@halllo54321
@halllo54321 15 күн бұрын
Ah i understand so the value from the group Claim in the jwt have to be the Same as the Policy Name in minio.
@MINIO
@MINIO 15 күн бұрын
Correct. Just be sure to tell MinIO to look for "group" rather than the default "policy" in the JWT.
ОСКАР vs БАДАБУМЧИК БОЙ! УВЕЗЛИ на СКОРОЙ!
13:45
ОСКАР vs БАДАБУМЧИК БОЙ! УВЕЗЛИ на СКОРОЙ!
Бадабумчик
Рет қаралды 4,6 МЛН
100❤️
00:19
100❤️
MY💝No War🤝
Рет қаралды 14 МЛН
孩子多的烦恼?#火影忍者 #家庭 #佐助
00:31
孩子多的烦恼?#火影忍者 #家庭 #佐助
火影忍者一家
Рет қаралды 49 МЛН
3M❤️ #thankyou #shorts
00:16
3M❤️ #thankyou #shorts
ウエスP -Mr Uekusa- Wes-P
Рет қаралды 14 МЛН
Собери ПК и Получи 10,000₽
1:00
Собери ПК и Получи 10,000₽
build monsters
Рет қаралды 2,4 МЛН
Какой ноутбук взять для бабушки? #msi #rtx4090 #laptop #юмор #игровой #apple #shorts
0:14
Какой ноутбук взять для бабушки? #msi #rtx4090 #laptop #юмор #игровой #apple #shorts
Buy Smart┃Магазин ноутбуков
Рет қаралды 1,7 МЛН
1$ vs 500$ ВИРТУАЛЬНАЯ РЕАЛЬНОСТЬ !
23:20
1$ vs 500$ ВИРТУАЛЬНАЯ РЕАЛЬНОСТЬ !
GoldenBurst
Рет қаралды 1,6 МЛН
Сложный РЕМОНТ ТОПОВОГО Samsung Galaxy S22 ULTRA SM-S908E после залития / НЕ ЛОВИТ СЕТИ
20:45
Сложный РЕМОНТ ТОПОВОГО Samsung Galaxy S22 ULTRA SM-S908E после залития / НЕ ЛОВИТ СЕТИ
notebook-31
Рет қаралды 83 М.
iPhone 15 Pro в реальной жизни
24:07
iPhone 15 Pro в реальной жизни
HUDAKOV
Рет қаралды 179 М.
А СУЩЕСТВУЕТ ТРЕХКАНАЛЬНЫЙ РЕЖИМ РАБОТЫ ОПЕРАТИВНОЙ ПАМЯТИ ? #ddr4 #ddr5 #оперативнаяпамять
0:51
А СУЩЕСТВУЕТ ТРЕХКАНАЛЬНЫЙ РЕЖИМ РАБОТЫ ОПЕРАТИВНОЙ ПАМЯТИ ? #ddr4 #ddr5 #оперативнаяпамять
Inter Link
Рет қаралды 755 М.
WINDOWS запустили НА ВЕЙПЕ! 👀 #технологии #одноразки #вейп
0:24
WINDOWS запустили НА ВЕЙПЕ! 👀 #технологии #одноразки #вейп
Alisher Beisebai
Рет қаралды 474 М.