Access Management Plugin Settings

This page documents settings for enabling external authorization management using the AIStor Access Management Plugin. See AIStor External Access Management Plugin for a tutorial on using these settings.

You can establish or modify settings by defining:

  • an environment variable on the host system prior to starting or restarting the AIStor Server. Refer to your operating system’s documentation for how to define an environment variable.
  • a configuration setting using mc admin config set.

If you define both an environment variable and the similar configuration setting, AIStor uses the environment variable value.

Some settings have only an environment variable or a configuration setting, but not both.

Each configuration setting controls fundamental AIStor behavior and functionality. AIStor strongly recommends testing configuration changes in a lower environment, such as DEV or QA, before applying to production.

Examples

When setting up the AIStor Access Management plugin, you must define at minimum all required settings. The examples here represent the minimum required setting.

Settings

URL

Required

The webhook endpoint for the external access management service (https://authzservice.example.net:8080/authz).

Auth Token

Optional

An authentication token to present to the configured webhook endpoint.

Specify a supported HTTP Authentication scheme as a string value, such as "Bearer TOKEN". AIStor sends the token using the HTTP Authorization header.

HTTP2

Optional

Enable experimental HTTP2 support for connecting to the configure webhook service.

Defaults to off

Comment

Optional

Specify a comment to associate to the external access management configuration.

All rights reserved 2024-Present, MinIO, Inc.