When the OpenID login page sends the refresh token in
the login redirection URL, the code will get it. This is
helpful to support the refresh OpenID user claims routine.
Co-authored-by: Anis Eleuch <anis@min.io>
- Removed Menu links for Support tools
- Removed support in UI for registering cluster
- Removed Subnet support
- Removed Websockets for tools support
- Removed Support endpoint
- Removed Subnet support endpoints
Signed-off-by: Benjamin Perez <benjamin@bexsoft.net>
Most of our deployments use custom certificates; using DefaultClient
makes it virtually impossible to make the share URL feature work.
This PR fixes this behavior in the implementation.
Bonus: re-use transports inside console; will add more changes to
take custom transport inputs in a subsequent PR.
Share link duration is based on the token expiration;
this increases the IDP token expiration so the share link
is able to last longer, by using an env variable called
MINIO_STS_DURATION.
Do not bother the user with an error if the IDP expiry is less than
900 seconds. Since the S3 spec sets a minimum of 900 seconds for STS
expiration, use that minimum duration instead of returning an error.
Co-authored-by: Anis Elleuch <anis@min.io>
Co-authored-by: Alex <33497058+bexsoft@users.noreply.github.com>
For registered clusters, after generating the Health Info report, Health Info is uploaded to Subnet, and the latest metrics are visible in Subnet.
Authored-by: Jillian Inapurapu <jillii@Jillians-MBP.attlocal.net>
During SSO login, Console contacts MinIO server to generate new temporary credentials. When TLS is enabled, setting up a correct TLS certificate is something that needs to be done correctly by the user. However, recently, we started to skip the TLS verification when Console talks to MinIO server using a loopback address, but we missed the case of Console generating temporary credentials in case of IDP. This commit will get the configured MinIO server URL to decide if the STS call needs to skip the TLS verification or not.
Co-authored-by: Anis Elleuch <anis@min.io>
This is a regression from 118cf97e1d when
env var support for passing console configuration from MinIO was
removed.
This change ensures that all MinIO nodes in a cluster are able to verify
state tokens generated by other nodes in the cluster. Without this, it
is necessary to use sticky sessions in a load balancer to ensure that
OIDC authorization code login flow steps for a client happen on the
same MinIO node.
Fixes https://github.com/minio/minio/issues/15527
* Allow multiple IDPs config to be passed via struct
* This removes support for ENV based IDP configuration for console
* Ensure default scopes are used if none are given
* Add display name field for provider config
- Added flag CONSOLE_OBJECT_BROWSER_ONLY=on to trigger between console mode & Object Browser only
- Hidden not necessary buttons for object browser
- STS Login
Signed-off-by: Benjamin Perez <benjamin@bexsoft.net>
Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>