Skip to content

what is the Claim Name or MINIO_IDENTITY_OPENID_CLAIM_NAME or identity_openid claim_name in MinIO keycloak

Cesar Celis Hernandez edited this page Aug 13, 2023 · 1 revision

Ok in keycloak config you put the name:

Screenshot 2023-08-13 at 7 21 59 AM

https://github.com/cniackz/public/wiki/How-to-test-MinIO-SSO-keycloak

Screenshot 2023-08-13 at 7 21 37 AM

This same name is defaulted to policy in minio:

https://min.io/docs/minio/linux/reference/minio-server/minio-server.html

Screenshot 2023-08-13 at 7 22 41 AM

Hence you don't have to set a name as they match. But if you put a different name it will fail:

Screenshot 2023-08-13 at 7 23 16 AM

so make sure they match, if you do this:

$ mc admin config get myminio identity_openid --insecure
# MINIO_IDENTITY_OPENID_CONFIG_URL=http://72.140.145.27/auth/realms/myrealm/.well-known/openid-configuration
# MINIO_IDENTITY_OPENID_CLIENT_ID=account
# MINIO_IDENTITY_OPENID_CLIENT_SECRET=6aabe0ea-8d5f-412c-99f8-63b999ccd281
# MINIO_IDENTITY_OPENID_CLAIM_NAME=nombredelclaim
# MINIO_IDENTITY_OPENID_SCOPES=openid,profile,email
identity_openid enable= display_name= config_url= client_id= client_secret= claim_name=policy claim_userinfo= role_policy= claim_prefix= redirect_uri= redirect_uri_dynamic=off scopes= vendor= keycloak_realm= keycloak_admin_url= 

then # MINIO_IDENTITY_OPENID_CLAIM_NAME=nombredelclaim will introduce failure, set it back to policy match them

Clone this wiki locally