Replace hardcoded localhost:3080 chat link with configurable
LIBRECHAT_URL environment variable, passed through AuthInfo to
the sidebar component.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Switch to host networking so LibreChat can reach Keycloak on localhost.
Patch openidStrategy.js to allow HTTP OIDC issuers for local dev
(openid-client v6 enforces HTTPS by default). Add support for
OPENID_AUTH_EXTRA_PARAMS env var and set prompt=none for automatic
SSO login when a Keycloak session exists.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
prompt=none causes silent failure when no Keycloak session exists yet.
Standard OIDC flow still provides seamless SSO when the user has an
active Keycloak session from the dashboard.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replaces the custom chat page with an external LibreChat instance that
shares Keycloak SSO for seamless auto-login. Removes Tools and Knowledge
Base pages as these are now handled by LibreChat's built-in capabilities.
- Add LibreChat service to docker-compose with Ollama backend config
- Add Keycloak OIDC client (certifai-librechat) with prompt=none for
silent SSO
- Create librechat.yaml with CERTifAI branding, Ollama endpoint, and
custom page title/logo
- Change sidebar Chat link to external URL (opens LibreChat in new tab)
- Remove chat page, tools page, knowledge base page and all related
components (chat_sidebar, chat_bubble, chat_input_bar, etc.)
- Remove tool_card, file_row components and tool/knowledge models
- Remove chat_stream SSE handler (no longer needed)
- Clean up i18n files: remove chat, tools, knowledge sections
- Dashboard article summarization via Ollama remains intact
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
