Skip to content

docs: Add OIDC Group Synchronization documentation for Keycloak #426

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

docs: Add OIDC Group Synchronization documentation for Keycloak #426

wants to merge 2 commits into from

Conversation

@leondape
Copy link
Contributor

@leondape leondape commented Oct 7, 2025

Add comprehensive documentation for the new OIDC group sync feature:

  • Overview and prerequisites
  • Configuration examples for realm roles, client roles, and groups
  • Step-by-step setup instructions
  • Troubleshooting guide with common claim paths
  • Usage examples for permissions
  • Limitations and best practices

Covers integration with LibreChat's granular permissions system for agents, prompts, files, and conversations.

Related to LibreChat PR and issue danny-avila/LibreChat#10006

@leondape
docs: Add OIDC Group Synchronization documentation for Keycloak
5f6e80e 
Add comprehensive documentation for the new OIDC group sync feature:
- Overview and prerequisites
- Configuration examples for realm roles, client roles, and groups
- Step-by-step setup instructions
- Troubleshooting guide with common claim paths
- Usage examples for permissions
- Limitations and best practices

Covers integration with LibreChat's granular permissions system
for agents, prompts, files, and conversations.

Related to LibreChat PR and issue #10006
@vercel
Copy link

vercel bot commented Oct 7, 2025

@leondape is attempting to deploy a commit to the LibreChat's projects Team on Vercel.

A member of the Team first needs to authorize it.

@leondape leondape mentioned this pull request Oct 7, 2025
Open
11 tasks
@leondape
docs: Add group/role exclusion pattern documentation
387a3f3 
Document OPENID_GROUPS_EXCLUDE_PATTERN configuration option:
- Explain exact match (case-insensitive) and regex pattern support
- Provide common Keycloak exclusion examples
- Show why to exclude system roles, default roles, and auth roles
- Add practical scenario with admin/developers vs system roles
- Include configuration examples for filtering out:
  - offline_access, uma_authorization (system roles)
  - default-roles-* (default realm roles)
  - manage-account, view-profile (account management)

Complements the group sync feature by allowing fine-grained control
over which roles become groups in LibreChat.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@leondape