docs/content/integration/openid-connect/clients/minio/index.md
{{% oidc-common bugs="claims-hydration" %}}
This example makes the following assumptions:
- Application root URL: `https://minio.{{< sitevar name="domain" nojs="example.com" >}}/`
- Authelia root URL: `https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/`
- Client ID: `minio`
- Client secret: `insecure_secret`

Some of the values presented in this guide can automatically be replaced with documentation variables.
{{< sitevar-preferences >}}
The following YAML configuration is an example Authelia client configuration for use with MinIO which will operate with the application example:
```yaml
identity_providers:
  oidc:
    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
    ## See: https://www.authelia.com/c/oidc
    clients:
      - client_id: 'minio'
        client_name: 'MinIO'
        client_secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng'  # The digest of 'insecure_secret'.
        public: false
        authorization_policy: 'two_factor'
        require_pkce: false
        pkce_challenge_method: ''
        redirect_uris:
          - 'https://minio.{{< sitevar name="domain" nojs="example.com" >}}/oauth_callback'
        scopes:
          - 'openid'
          - 'profile'
          - 'email'
          - 'groups'
        response_types:
          - 'code'
        grant_types:
          - 'authorization_code'
        access_token_signed_response_alg: 'none'
        userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_basic'
```
{{% oidc-escape-hatch-claims-hydration client_id="minio" %}}
There are two methods to configure MinIO: using environment variables, or using the web GUI.
To configure MinIO to utilize Authelia as an OpenID Connect 1.0 Provider, use the following environment variables:
```shell
MINIO_IDENTITY_OPENID_CONFIG_URL=https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/.well-known/openid-configuration
MINIO_IDENTITY_OPENID_CLIENT_ID=minio
MINIO_IDENTITY_OPENID_CLIENT_SECRET=insecure_secret
MINIO_IDENTITY_OPENID_SCOPES=openid,profile,email,groups
MINIO_IDENTITY_OPENID_REDIRECT_URI=https://minio.{{< sitevar name="domain" nojs="example.com" >}}/oauth_callback
MINIO_IDENTITY_OPENID_REDIRECT_URI_DYNAMIC=off
MINIO_IDENTITY_OPENID_DISPLAY_NAME=Authelia
MINIO_IDENTITY_OPENID_CLAIM_NAME=groups
MINIO_IDENTITY_OPENID_CLAIM_USERINFO=on
```
The same variables as a Docker Compose service definition:

```yaml
services:
  minio:
    environment:
      MINIO_IDENTITY_OPENID_CONFIG_URL: 'https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/.well-known/openid-configuration'
      MINIO_IDENTITY_OPENID_CLIENT_ID: 'minio'
      MINIO_IDENTITY_OPENID_CLIENT_SECRET: 'insecure_secret'
      MINIO_IDENTITY_OPENID_SCOPES: 'openid,profile,email,groups'
      MINIO_IDENTITY_OPENID_REDIRECT_URI: 'https://minio.{{< sitevar name="domain" nojs="example.com" >}}/oauth_callback'
      MINIO_IDENTITY_OPENID_REDIRECT_URI_DYNAMIC: 'off'
      MINIO_IDENTITY_OPENID_DISPLAY_NAME: 'Authelia'
      MINIO_IDENTITY_OPENID_CLAIM_NAME: 'groups'
      MINIO_IDENTITY_OPENID_CLAIM_USERINFO: 'on'
```
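The following check is an added example, not part of Authelia's or MinIO's own code: it compares the MinIO environment variables above with the Authelia client entry and reports mismatches that would break the login flow, plus use of the guide's placeholder secret. The dictionaries are constructed samples with the documentation variables rendered as `auth` and `example.com`, and `check_minio_oidc` is a hypothetical helper name.

```python
"""Cross-check MinIO OIDC env vars against the Authelia client entry (added example)."""

# Constructed samples mirroring this guide, sitevars rendered as auth / example.com.
AUTHELIA_CLIENT = {
    "client_id": "minio",
    "redirect_uris": ["https://minio.example.com/oauth_callback"],
    "scopes": ["openid", "profile", "email", "groups"],
}
MINIO_ENV = {
    "MINIO_IDENTITY_OPENID_CONFIG_URL": "https://auth.example.com/.well-known/openid-configuration",
    "MINIO_IDENTITY_OPENID_CLIENT_ID": "minio",
    "MINIO_IDENTITY_OPENID_CLIENT_SECRET": "insecure_secret",
    "MINIO_IDENTITY_OPENID_SCOPES": "openid,profile,email,groups",
    "MINIO_IDENTITY_OPENID_REDIRECT_URI": "https://minio.example.com/oauth_callback",
    "MINIO_IDENTITY_OPENID_REDIRECT_URI_DYNAMIC": "off",
    "MINIO_IDENTITY_OPENID_CLAIM_NAME": "groups",
}


def check_minio_oidc(env, client):
    """Return a list of findings; only placeholder-secret findings are non-fatal."""
    p = "MINIO_IDENTITY_OPENID_"
    findings = []
    if not env.get(p + "CONFIG_URL", "").startswith("https://"):
        findings.append("CONFIG_URL is not https")
    if env.get(p + "CLIENT_ID") != client["client_id"]:
        findings.append("client_id mismatch")
    # The provider compares redirect URIs as exact strings (trailing slash matters).
    if env.get(p + "REDIRECT_URI") not in client["redirect_uris"]:
        findings.append("redirect URI not registered")
    if env.get(p + "REDIRECT_URI_DYNAMIC", "off") != "off":
        findings.append("dynamic redirect URI may not match the registered one")
    scopes = [s for s in env.get(p + "SCOPES", "").split(",") if s]
    extra = sorted(set(scopes) - set(client["scopes"]))
    if extra:
        findings.append("scopes not granted to client: " + ",".join(extra))
    if env.get(p + "CLAIM_NAME") == "groups" and "groups" not in scopes:
        findings.append("CLAIM_NAME is groups but the groups scope is not requested")
    if env.get(p + "CLIENT_SECRET") == "insecure_secret":
        findings.append("client secret is the guide's placeholder")
    return findings


if __name__ == "__main__":
    for finding in check_minio_oidc(MINIO_ENV, AUTHELIA_CLIENT):
        print("FINDING:", finding)
```

Run against the guide's values as written, the only finding is the placeholder secret, which should be replaced with a generated value before deployment.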
To configure MinIO to utilize Authelia as an OpenID Connect 1.0 Provider, use the following instructions:
1. Go to `Identity`, then `OpenID`.
2. Select `Create Configuration`.
3. Enter the following values:
   - Name: `authelia`
   - Config URL: `https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/.well-known/openid-configuration`
   - Client ID: `minio`
   - Client Secret: `insecure_secret`
   - Claim Name: `groups`
   - Display Name: `Authelia`
   - Scopes: `openid,profile,email,groups`
   - Redirect URI: `https://minio.{{< sitevar name="domain" nojs="example.com" >}}/oauth_callback`
4. Press `Save` at the bottom.
5. Open `Other Authentication Methods`, then select `Authelia` from the list.

You may also want to consider adding a default policy to your user groups in Authelia.