MinIO supports external identity management using an OpenID Connect (OIDC)-compatible provider. This document covers the configuration of Casdoor as an identity provider to support MinIO.
Step 1: Deploy Casdoor & MinIO
First, deploy Casdoor.
You can refer to the Casdoor official documentation for Server Installation.
After a successful deployment, make sure that:
- The Casdoor server is running on http://localhost:8000.
- Open your favorite browser and visit http://localhost:7001 to see the login page of Casdoor.
- Test the login functionality by entering
Next, you can quickly implement a Casdoor-based login page in your own app by following these steps.
Step 2: Configure Casdoor Application
Create a new Casdoor application or use an existing one.
Add your redirect URL.
Add the provider you want and provide any necessary settings.
On the application settings page, you will find two values: Client ID and Client secret (as shown in the picture above). We will use these values in the next step.
Open your favorite browser and visit http://CASDOOR_HOSTNAME/.well-known/openid-configuration to see the OIDC configuration of Casdoor.
This step is necessary for MinIO. MinIO reads a claim attribute in the JWT to select its policy, so you should configure it in Casdoor as well. Currently, Casdoor uses tag as a workaround for configuring MinIO's policy.
You can find all the supported policies here.
Step 3: Configure MinIO
You can start a MinIO server using the following command:
minio server /mnt/export
You can use the --console-address parameter to configure the address and port.
Next, add a service alias using the MinIO client:
mc alias set myminio <Your console address> minio minio123
Now, configure the OpenID Connect of MinIO. For Casdoor, the command will be:
mc admin config set myminio identity_openid config_url="http://CASDOOR_HOSTNAME/.well-known/openid-configuration" client_id=<client id> client_secret=<client secret> claim_name="tag"
You can refer to the official document for more detailed parameters.
Once successfully set, restart the MinIO instance.
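Because MinIO picks the policy from the claim named in claim_name (the tag value set in Step 2), it helps to inspect a token issued by Casdoor and confirm the claim names a policy that exists in MinIO. The following is an added example, not code from Casdoor or MinIO; the function names, the sample tokens, the built-in policy list and the handling of comma-separated or list values are assumptions made for illustration.

```python
import base64
import json

# Assumption: MinIO's built-in policy names. Pass your own set for custom policies.
BUILTIN_POLICIES = {"readonly", "readwrite", "writeonly", "diagnostics", "consoleAdmin"}


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def policies_from_claim(claims, claim_name="tag"):
    """Return policy names carried in the claim (string, CSV string or list)."""
    value = claims.get(claim_name)
    if isinstance(value, str):
        value = value.split(",")
    elif not isinstance(value, list):
        return []  # claim missing or of an unexpected type
    return [p.strip() for p in value if isinstance(p, str) and p.strip()]


def check_token(token, claim_name="tag", known=BUILTIN_POLICIES):
    """Return (usable, unknown): names matching a known policy, and the rest."""
    names = policies_from_claim(jwt_claims(token), claim_name)
    usable = [n for n in names if n in known]
    unknown = [n for n in names if n not in known]
    return usable, unknown


def _make_token(claims):
    """Build a sample token (constructed test data, not a real Casdoor token)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.placeholder-signature"


if __name__ == "__main__":
    for claims in ({"name": "alice", "tag": "readwrite"},
                   {"name": "bob", "tag": "staff"},
                   {"name": "carol"}):
        usable, unknown = check_token(_make_token(claims))
        print(claims["name"], "usable:", usable, "unknown:", unknown)
```

An empty usable list means the user's tag in Casdoor is unset or does not match any policy name in the set you checked against.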
Step 4: Try the demo!
Now, open your MinIO console in the browser and click on Login with SSO.
You will be redirected to the Casdoor user login page. Upon successful login, you will be redirected to the MinIO page and logged in automatically. You should now see the buckets and objects that you have access to.
If you deploy the frontend and backend of Casdoor on different ports, the login page you are redirected to will be on the backend port and will display 404 not found. Change the port in the URL to the frontend one, and you can then access the Casdoor login page successfully.