This Keycloak MCP server provides a standardized interface for comprehensive Keycloak administration, offering full control over users, realms, clients, groups, and roles through the official Keycloak Admin Client.
Core Capabilities:
User Management: Create, delete, and list users within specific realms
Realm Operations: List all available realms
Client Management: List clients in realms and their associated roles
Group Operations: List groups and add users to specific groups
Role Assignment: Assign client roles to users
The server enables complete administrative control over Keycloak instances through a unified, standardized interface.
Provides tools for Keycloak identity and access management, including user management (creating, listing, deleting), realm management, client management, group management, and role management capabilities.
Keycloak MCP Server
A Model Context Protocol (MCP) server implementation for Keycloak, providing a standardized interface for managing Keycloak users and realms.
Description
This project implements an MCP server that integrates with Keycloak, allowing you to manage Keycloak users and realms through a standardized protocol. It uses the official Keycloak Admin Client to interact with Keycloak's API.
Feature Demo
https://github.com/user-attachments/assets/4b02a049-b8d6-4cc5-a7b4-564a0e758dd8
Available Tools
create-user
Creates a new user in a specified realm.
Inputs:
realm: The realm name
username: Username for the new user
email: Email address for the user
firstName: User's first name
lastName: User's last name
delete-user
Deletes a user from a specified realm.
Inputs:
realm: The realm name
userId: The ID of the user to delete
list-realms
Lists all available realms.
list-users
Lists all users in a specified realm.
Inputs:
realm: The realm name
list-clients
Lists all clients in a specified realm.
Inputs:
realm: The realm name
list-groups
Lists all groups in a specified realm.
Inputs:
realm: The realm name
list-client-roles
Lists all roles for a specific client in a realm.
Inputs:
realm: The realm name
clientUniqueId: The unique ID of the client
assign-client-role-to-user
Assigns a client role to a specific user.
Inputs:
realm: The realm name
userId: The ID of the user
clientUniqueId: The unique ID of the client
roleName: The name of the role to assign
add-user-to-group
Adds a user to a specific group.
Inputs:
realm: The realm name
userId: The ID of the user
groupId: The ID of the group
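Because these tools run with the Keycloak admin account, an MCP client can gate each call before forwarding it. The following is an added example, not code from this project: it separates the read-only tools from the state-changing ones listed above, rejects undocumented inputs, and limits calls to an allowlist of realms. The policy object and the function name `checkToolCall` are hypothetical, and it assumes every documented input is a required string.

```javascript
// Added example: policy gate a client could apply before forwarding a tool call.
// Tool and input names are from the list above; the policy shape is hypothetical.
const MUTATING = new Set([
  "create-user", "delete-user", "assign-client-role-to-user", "add-user-to-group",
]);
// Inputs documented per tool; a call carrying anything else is rejected.
const INPUTS = {
  "create-user": ["realm", "username", "email", "firstName", "lastName"],
  "delete-user": ["realm", "userId"],
  "list-realms": [],
  "list-users": ["realm"],
  "list-clients": ["realm"],
  "list-groups": ["realm"],
  "list-client-roles": ["realm", "clientUniqueId"],
  "assign-client-role-to-user": ["realm", "userId", "clientUniqueId", "roleName"],
  "add-user-to-group": ["realm", "userId", "groupId"],
};

// policy: { allowedRealms: string[], allowMutations: boolean } (hypothetical shape)
// Assumes every documented input is a required, non-empty string.
function checkToolCall(policy, tool, args = {}) {
  const deny = (reason) => ({ allow: false, needsApproval: false, reason });
  if (!Object.prototype.hasOwnProperty.call(INPUTS, tool)) return deny(`unknown tool: ${tool}`);
  const expected = INPUTS[tool];
  const extra = Object.keys(args).filter((k) => !expected.includes(k));
  if (extra.length) return deny(`unexpected inputs: ${extra.join(", ")}`);
  const missing = expected.filter((k) => typeof args[k] !== "string" || args[k] === "");
  if (missing.length) return deny(`missing inputs: ${missing.join(", ")}`);
  if (expected.includes("realm") && !policy.allowedRealms.includes(args.realm)) {
    return deny(`realm not allowed: ${args.realm}`);
  }
  if (MUTATING.has(tool)) {
    if (!policy.allowMutations) return deny(`mutating tool disabled: ${tool}`);
    // State-changing calls are surfaced for a human decision, not auto-run.
    return { allow: true, needsApproval: true, reason: "mutating call" };
  }
  return { allow: true, needsApproval: false, reason: "read-only call" };
}
```

list-realms takes no realm input, so the realm allowlist cannot narrow what that tool returns.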
Prerequisites
Node.js (Latest LTS version recommended)
npm
A running Keycloak instance
Installation
Installing via Smithery
To install keycloak-mcp for Claude Desktop automatically via Smithery:
Installing via NPM
Configure environment:
You can set configuration options using command-line arguments or environment variables:
--keycloak-url <Keycloak Instance URL>
--keycloak-admin <Admin Username>
--keycloak-admin-password <Admin Password>
These arguments override environment variables if both are set.
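The precedence rule above, as an added example that is not this project's own code: it resolves the three settings from arguments and environment, and reports the cases an operator would want flagged, such as an admin password passed as an argument. The environment variable names (`KEYCLOAK_URL`, `KEYCLOAK_ADMIN`, `KEYCLOAK_ADMIN_PASSWORD`) and the function names are assumptions; only the three flags come from this page.

```javascript
// Added example. Flags are the three listed above; env names are assumptions.
const OPTIONS = {
  "keycloak-url": { env: "KEYCLOAK_URL", key: "url" },
  "keycloak-admin": { env: "KEYCLOAK_ADMIN", key: "admin" },
  "keycloak-admin-password": { env: "KEYCLOAK_ADMIN_PASSWORD", key: "password" },
};

// Accepts both "--flag value" and "--flag=value"; ignores unrelated arguments.
function parseFlags(argv) {
  const flags = {};
  for (let i = 0; i < argv.length; i++) {
    const m = /^--([a-z-]+)(?:=(.*))?$/.exec(argv[i]);
    if (!m || !Object.keys(OPTIONS).includes(m[1])) continue;
    flags[m[1]] = m[2] !== undefined ? m[2] : argv[++i];
  }
  return flags;
}

function resolveConfig(argv, env) {
  const flags = parseFlags(argv);
  const config = {};
  const warnings = [];
  for (const [flag, { env: name, key }] of Object.entries(OPTIONS)) {
    // Command-line arguments override environment variables if both are set.
    config[key] = flags[flag] !== undefined ? flags[flag] : env[name];
    if (!config[key]) warnings.push(`missing ${key}: set --${flag} or ${name}`);
  }
  if (flags["keycloak-admin-password"] !== undefined) {
    warnings.push("admin password on the command line is visible in process listings and shell history");
  }
  if (config.url && !/^https:\/\//i.test(config.url)) {
    warnings.push("Keycloak URL is not https");
  }
  return { config, warnings };
}

// Copy of the config that is safe to write to logs.
function redacted(config) {
  return { ...config, password: config.password ? "***" : undefined };
}
```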
Start the server:
The server is available as an NPM package:
Configuration
Using NPM Package
Configure the server in your Cursor IDE, Cline or Claude Desktop MCP configuration file:
For Local Development
Development
To set up the development environment:
Clone the repository
Install dependencies:
npm install
Set env vars:
cp .env.template .env # Edit the .env file and set all variables with the appropriate values
Start the project:
npm run dev
Available Scripts
npm run build - Builds the project and makes the CLI executable
npm run prepare - Runs the build script (used during package installation)
npm run dev - Watches for changes and rebuilds automatically
npm start - Starts the server (for production)
Dependencies
Main Dependencies
@keycloak/keycloak-admin-client - Official Keycloak Admin Client
@modelcontextprotocol/sdk - MCP SDK for standardized protocol implementation
zod - TypeScript-first schema validation
chalk - Terminal string styling
yargs - Parsing command-line arguments
Dev Dependencies
typescript - For TypeScript support
@types/node - TypeScript definitions for Node.js
shx - Cross-platform shell commands
ts-node - TypeScript execution and REPL for Node.js
rimraf - A cross-platform tool to remove directories
@types/yargs - TypeScript definitions for yargs
License
MIT
Author
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.