Advanced Keycloak MCP server

Overview Inspect Schema Related Servers Score Discussions

list-roles

Retrieve all roles for a specific client within a designated realm using the Advanced Keycloak MCP server. Simplify role management and access control analysis.

Instructions

List all roles of a specific client in a specific realm

Input Schema

TableJSON Schema

Name	Required	Description	Default
`clientId`	Yes	Client ID
`realm`	Yes	Realm name

Implementation Reference

src/index.ts:552-565 (handler)
MCP CallToolRequest handler case for 'list-roles': parses arguments, calls KeycloakService.listRoles, formats and returns the response content.
case "list-roles": { const { realm, clientId } = ListRolesSchema.parse(args); const { client, roles } = await keycloakService.listRoles(realm, clientId); return { content: [ { type: "text", text: `Roles for client '${client.clientId}' in realm '${realm}':\n${roles .map((r) => `- ${r.name}`) .join("\n")}`, }, ], }; }
src/index.ts:157-194 (helper)
KeycloakService.listRoles method: authenticates, locates the client by ID, fetches and returns the client's roles using Keycloak Admin Client APIs.
async listRoles(realm: string, clientId: string) { await this.authenticate(); this.client.setConfig({ realmName: realm }); // Find the client by clientId (can be id or clientId string) let client = null; try { client = await this.client.clients.findOne({ realm, id: clientId }); } catch {} if (!client) { const clients = await this.client.clients.find({ realm }); client = clients.find( (c) => c.clientId === clientId || c.id === clientId ); } if (!client) { throw new McpError( ErrorCode.InvalidRequest, `Client '${clientId}' not found in realm '${realm}'.` ); } if (!client.id || typeof client.id !== "string") { throw new McpError( ErrorCode.InvalidRequest, `Client found but has no valid id property.` ); } const roles = await this.client.clients.listRoles({ realm, id: client.id, }); return { client, roles }; }
src/index.ts:471-474 (schema)
Zod schema used for runtime input validation in the list-roles tool handler.
const ListRolesSchema = z.object({ realm: z.string(), clientId: z.string(), });
src/index.ts:397-408 (registration)
Tool registration in ListTools response: defines name, description, and JSON input schema advertised to MCP clients.
{ name: "list-roles", description: "List all roles of a specific client in a specific realm", inputSchema: { type: "object", properties: { realm: { type: "string", description: "Realm name" }, clientId: { type: "string", description: "Client ID" }, }, required: ["realm", "clientId"], }, },

This server cannot be installed

Other Tools

Related Tools

list-client-roles
@HaithamOumerzoug/keycloak-mcp
list-clients
@HaithamOumerzoug/keycloak-mcp
list-realms
@HaithamOumerzoug/keycloak-mcp
list_client_roles
@idoyudha/mcp-keycloak
list-users
@HaithamOumerzoug/keycloak-mcp
list-users
@Octodet/keycloak-mcp

Latest Blog Posts

MCP Moves to the Linux Foundation: Neutral Stewardship for Agentic Infrastructure
By Om-Shree-0709 on December 15, 2025.
mcp
anthropic
Linux Foundation
Code Execution with MCP: Architecting Agentic Efficiency
By Om-Shree-0709 on December 14, 2025.
mcp
Token bloat
Model Context Protocol Proxies: Enabling Enterprise Control with Virtual MCPs
By Om-Shree-0709 on December 9, 2025.
AI Security
Virtual MCP
Kubernetes Operator

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Octodet/keycloak-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server