From 78ffe6198fab799e89dca4bb8e785beda52a2780 Mon Sep 17 00:00:00 2001
From: Philip Haupt <“der.mad.mob@gmail.com”>
Date: Sat, 15 Nov 2025 23:23:37 +0100
Subject: [PATCH] fix role claim

---
 open-webui/main.yaml       | 2 +-
 open-webui/src/values.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/open-webui/main.yaml b/open-webui/main.yaml
index 454797f..67a5196 100644
--- a/open-webui/main.yaml
+++ b/open-webui/main.yaml
@@ -213,7 +213,7 @@ spec:
         - name: ENABLE_OAUTH_ROLE_MANAGEMENT
           value: "True"
         - name: OAUTH_ROLES_CLAIM
-          value: realm_roles
+          value: realm_access.roles
         - name: OAUTH_ALLOWED_ROLES
           value: default-roles-home
         - name: OAUTH_ADMIN_ROLES
diff --git a/open-webui/src/values.yaml b/open-webui/src/values.yaml
index 5f7d69f..fe3e77b 100644
--- a/open-webui/src/values.yaml
+++ b/open-webui/src/values.yaml
@@ -656,7 +656,7 @@ sso:
   roleManagement:
     # -- The claim that contains the roles (can be nested, e.g., user.roles)
     # @section -- Role management configuration
-    rolesClaim: realm_roles
+    rolesClaim: realm_access.roles
     # -- Comma-separated list of roles allowed to log in (receive open webui role user)
     # @section -- Role management configuration
     allowedRoles: "default-roles-home"