-
Notifications
You must be signed in to change notification settings - Fork 0
Providers
Kolin edited this page Jun 13, 2026
·
2 revisions
The plugin has been tested with the following identity providers. Click a provider name for a detailed setup guide.
| Provider | RBAC | Notes |
|---|---|---|
| Authelia | Yes | Requires disablePushedAuthorization: true
|
| authentik | Yes | |
| Keycloak | Yes | Supports both realm and client roles |
| Pocket ID | Yes | |
| Kanidm | Yes | |
| No | Requires doNotValidateEndpoints: true; usernames are numeric |
| Provider | RBAC | Notes |
|---|---|---|
| Keycloak | Yes | Full SAML 2.0 support |
Any OIDC or SAML 2.0 compliant provider should work. The general requirements are:
OpenID Connect:
-
.well-known/openid-configurationdiscovery endpoint - Authorization code flow
- Client ID and secret support
- Configurable redirect URI
SAML 2.0:
- Document signing enabled
- Client signature not required
- Configurable ACS URL
- Role attributes in assertions
If you successfully configure a provider not listed here, please contribute a guide by opening a pull request that updates providers.md.
Getting Started
Configuration
Providers
Reference
Development