diff --git a/weed/iam/integration/iam_integration_test.go b/weed/iam/integration/iam_integration_test.go
index c5de6ec60..947fc3145 100644
--- a/weed/iam/integration/iam_integration_test.go
+++ b/weed/iam/integration/iam_integration_test.go
@@ -63,7 +63,7 @@ func TestFullOIDCWorkflow(t *testing.T) {
 RoleSessionName: tt.sessionName,
 }
- response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", assumeRequest)
+ response, err := iamManager.AssumeRoleWithWebIdentity(ctx, assumeRequest)
 if !tt.expectedAllow {
 assert.Error(t, err)
@@ -78,7 +78,7 @@ func TestFullOIDCWorkflow(t *testing.T) {
 // Step 2: Test policy enforcement with assumed credentials
 if tt.testAction != "" && tt.testResource != "" {
- allowed, err := iamManager.IsActionAllowed(ctx, "localhost:8888", &ActionRequest{
+ allowed, err := iamManager.IsActionAllowed(ctx, &ActionRequest{
 Principal: response.AssumedRoleUser.Arn,
 Action: tt.testAction,
 Resource: tt.testResource,
@@ -139,7 +139,7 @@ func TestFullLDAPWorkflow(t *testing.T) {
 ProviderName: "test-ldap",
 }
- response, err := iamManager.AssumeRoleWithCredentials(ctx, "localhost:8888", assumeRequest)
+ response, err := iamManager.AssumeRoleWithCredentials(ctx, assumeRequest)
 if !tt.expectedAllow {
 assert.Error(t, err)
@@ -152,7 +152,7 @@ func TestFullLDAPWorkflow(t *testing.T) {
 // Step 2: Test policy enforcement
 if tt.testAction != "" && tt.testResource != "" {
- allowed, err := iamManager.IsActionAllowed(ctx, "localhost:8888", &ActionRequest{
+ allowed, err := iamManager.IsActionAllowed(ctx, &ActionRequest{
 Principal: response.AssumedRoleUser.Arn,
 Action: tt.testAction,
 Resource: tt.testResource,
@@ -178,7 +178,7 @@ func TestPolicyEnforcement(t *testing.T) {
 RoleSessionName: "policy-test-session",
 }
- response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", assumeRequest)
+ response, err := iamManager.AssumeRoleWithWebIdentity(ctx, assumeRequest)
 require.NoError(t, err)
 sessionToken := response.Credentials.SessionToken
@@ -230,7 +230,7 @@ func TestPolicyEnforcement(t *testing.T) {
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- allowed, err := iamManager.IsActionAllowed(ctx, "localhost:8888", &ActionRequest{
+ allowed, err := iamManager.IsActionAllowed(ctx, &ActionRequest{
 Principal: principal,
 Action: tt.action,
 Resource: tt.resource,
@@ -256,13 +256,13 @@ func TestSessionExpiration(t *testing.T) {
 DurationSeconds: int64Ptr(900), // 15 minutes
 }
- response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", assumeRequest)
+ response, err := iamManager.AssumeRoleWithWebIdentity(ctx, assumeRequest)
 require.NoError(t, err)
 sessionToken := response.Credentials.SessionToken
 // Verify session is initially valid
- allowed, err := iamManager.IsActionAllowed(ctx, "localhost:8888", &ActionRequest{
+ allowed, err := iamManager.IsActionAllowed(ctx, &ActionRequest{
 Principal: response.AssumedRoleUser.Arn,
 Action: "s3:GetObject",
 Resource: "arn:seaweed:s3:::test-bucket/file.txt",
@@ -276,11 +276,11 @@ func TestSessionExpiration(t *testing.T) {
 assert.True(t, response.Credentials.Expiration.Before(time.Now().Add(16*time.Minute)))
 // Test actual session expiration
- err = iamManager.ExpireSessionForTesting(ctx, "localhost:8888", sessionToken)
+ err = iamManager.ExpireSessionForTesting(ctx, sessionToken)
 require.NoError(t, err)
 // Verify session is now expired and access is denied
- allowed, err = iamManager.IsActionAllowed(ctx, "localhost:8888", &ActionRequest{
+ allowed, err = iamManager.IsActionAllowed(ctx, &ActionRequest{
 Principal: response.AssumedRoleUser.Arn,
 Action: "s3:GetObject",
 Resource: "arn:seaweed:s3:::test-bucket/file.txt",
@@ -353,7 +353,7 @@ func setupIntegratedIAMSystem(t *testing.T) *IAMManager {
 MaxSessionLength: time.Hour * 12,
 Issuer: "test-sts",
 SigningKey: []byte("test-signing-key-32-characters-long"),
- SessionStoreType: "memory", // Use memory for unit tests
+
 },
 Policy: &policy.PolicyEngineConfig{
 DefaultEffect: "Deny",
diff --git a/weed/iam/integration/role_store_test.go b/weed/iam/integration/role_store_test.go
index 2e19dc0f6..21ef072f0 100644
--- a/weed/iam/integration/role_store_test.go
+++ b/weed/iam/integration/role_store_test.go
@@ -92,7 +92,7 @@ func TestDistributedIAMManagerWithRoleStore(t *testing.T) {
 MaxSessionLength: 43200,
 Issuer: "test-issuer",
 SigningKey: []byte("test-signing-key-32-characters-long"),
- SessionStoreType: "memory",
+
 },
 Policy: &policy.PolicyEngineConfig{
 DefaultEffect: "Deny",
diff --git a/weed/iam/sts/sts.test b/weed/iam/sts/sts.test
new file mode 100755
index 000000000..f135ea821
Binary files /dev/null and b/weed/iam/sts/sts.test differ
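Review bot: In the setupIntegratedIAMSystem hunk at line 353 the removed `SessionStoreType: "memory", // Use memory for unit tests` line appears to be replaced by an empty added line, which leaves a stray blank line inside the STS config literal and silently drops the only comment saying which session store the tests rely on; the same pattern appears in the role_store_test.go hunk at line 92. Presumably the field was removed from the STS config type and sessions are now tracked without a pluggable store, but the test setup no longer says so. Delete the blank line and, if that reading is right, put a one-line comment on the config literal such as `// No session store is configured; session tracking is handled inside the STS layer`. The enclosing setupIntegratedIAMSystem function starts and ends outside the hunk.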
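Review bot: `weed/iam/sts/sts.test` is a compiled Go test binary (new file, mode 100755, shown as `Binary files /dev/null and b/weed/iam/sts/sts.test differ`) and should not be part of this commit. A checked-in executable cannot be reviewed, bloats every clone, and an unexplained binary in the source tree is exactly what supply-chain tooling will flag. Remove it from the commit and add `*.test` (the `go test -c` output pattern) to the repository's ignore rules so it does not come back.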