create-user
Create a new user in a Keycloak realm by specifying details like username, email, first and last name, and credentials. Enables efficient user management in the Advanced Keycloak MCP server.
Instructions
Create a new user in a specific realm
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| credentials | No | User credentials | |
| email | Yes | Email address for the new user | |
| emailVerified | No | Whether the email is verified | |
| enabled | No | Whether the user is enabled | |
| firstName | Yes | First name of the user | |
| lastName | Yes | Last name of the user | |
| realm | Yes | Realm name | |
| username | Yes | Username for the new user | |
Implementation Reference
- src/index.ts:335-364 (registration) Registration of the 'create-user' tool in the ListTools response, including description and JSON schema for input validation.

  ```typescript
  {
    name: "create-user",
    description: "Create a new user in a specific realm",
    inputSchema: {
      type: "object",
      properties: {
        realm: { type: "string", description: "Realm name" },
        username: { type: "string", description: "Username for the new user" },
        email: {
          type: "string",
          format: "email",
          description: "Email address for the new user",
        },
        firstName: { type: "string", description: "First name of the user" },
        lastName: { type: "string", description: "Last name of the user" },
        enabled: {
          type: "boolean",
          description: "Whether the user is enabled",
          default: true,
        },
        emailVerified: {
          type: "boolean",
          description: "Whether the email is verified",
        },
        credentials: {
          type: "array",
          items: {
            type: "object",
            properties: {
              type: {
                type: "string",
                description: "Credential type (e.g., 'password')",
              },
              value: { type: "string", description: "Credential value" },
              temporary: {
                type: "boolean",
                description: "Whether the credential is temporary",
              },
            },
            required: ["type", "value"],
          },
          description: "User credentials",
        },
      },
      required: ["realm", "username", "email", "firstName", "lastName"],
    },
  },
  ```

- src/index.ts:443-460 (schema) Zod schema used for runtime validation of 'create-user' tool inputs in the handler.

  ```typescript
  const CreateUserSchema = z.object({
    realm: z.string(),
    username: z.string(),
    email: z.string().email(),
    firstName: z.string(),
    lastName: z.string(),
    enabled: z.boolean().default(true),
    emailVerified: z.boolean().optional(),
    credentials: z
      .array(
        z.object({
          type: z.string(),
          value: z.string(),
          temporary: z.boolean().optional(),
        })
      )
      .optional(),
  });
  ```

- src/index.ts:497-508 (handler) MCP CallTool dispatch handler for 'create-user': validates arguments with Zod schema and invokes the Keycloak service.

  ```typescript
  case "create-user": {
    const params = CreateUserSchema.parse(args);
    const user = await keycloakService.createUser(params);
    return {
      content: [
        {
          type: "text",
          text: `User created successfully. User ID: ${user.id}`,
        },
      ],
    };
  }
  ```

- src/index.ts:105-134 (handler) Core handler logic in KeycloakService: authenticates admin, sets realm, and creates user via Keycloak Admin Client API.

  ```typescript
  async createUser(params: {
    realm: string;
    username: string;
    email: string;
    firstName: string;
    lastName: string;
    enabled?: boolean;
    emailVerified?: boolean;
    credentials?: Array<{
      type: string;
      value: string;
      temporary?: boolean;
    }>;
  }) {
    await this.authenticate();
    this.client.setConfig({ realmName: params.realm });
    const user = await this.client.users.create({
      realm: params.realm,
      username: params.username,
      email: params.email,
      firstName: params.firstName,
      lastName: params.lastName,
      enabled: params.enabled !== undefined ? params.enabled : true,
      emailVerified: params.emailVerified,
      credentials: params.credentials,
    });
    return user;
  }
  ```
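The Zod schema above checks types only, so any realm name, credential type and `emailVerified` value supplied by the MCP caller reaches the admin API unchanged. The following is an added example, not code from the project: a policy step that could run between `CreateUserSchema.parse(args)` and `keycloakService.createUser(params)`. `hardenCreateUser`, `ALLOWED_REALMS`, `USERNAME_RE` and the 12-character minimum are hypothetical names and assumed local policy.

```typescript
// Added example: policy checks layered on top of the type-only Zod validation.
// All names and thresholds here are assumptions, not part of the project.
type Credential = { type: string; value: string; temporary?: boolean };
type CreateUserParams = {
  realm: string;
  username: string;
  email: string;
  firstName: string;
  lastName: string;
  enabled?: boolean;
  emailVerified?: boolean;
  credentials?: Credential[];
};

// Constructed sample allowlist; "master" is deliberately absent.
const ALLOWED_REALMS: ReadonlySet<string> = new Set(["customers", "staging"]);
const USERNAME_RE = /^[a-z0-9][a-z0-9._-]{2,63}$/; // assumed naming policy

function hardenCreateUser(p: CreateUserParams): CreateUserParams {
  // z.string() accepts every realm name, so pin the tool to known realms.
  if (!ALLOWED_REALMS.has(p.realm)) {
    throw new Error(`realm not allowed: ${p.realm}`);
  }
  if (!USERNAME_RE.test(p.username)) {
    throw new Error("username does not match policy");
  }
  // The tool caller cannot vouch for mailbox ownership; never accept it as verified.
  const out: CreateUserParams = { ...p, emailVerified: false };
  if (p.credentials) {
    out.credentials = p.credentials.map((c) => {
      if (c.type !== "password") {
        throw new Error(`credential type not allowed: ${c.type}`);
      }
      if (c.value.length < 12) {
        throw new Error("initial password too short");
      }
      // The value has passed through the MCP client context, so mark it
      // temporary: Keycloak then requires a password update at first login.
      return { type: c.type, value: c.value, temporary: true };
    });
  }
  return out;
}
```
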