Skip to main content
Glama

mcp-keycloak

by idoyudha

Keycloak MCP Server

A Model Context Protocol (MCP) server that provides a natural language interface for managing Keycloak identity and access management through its REST API. This server enables AI agents to perform user management, client configuration, realm administration, and role-based access control operations seamlessly.

Overview

The Keycloak MCP Server bridges the gap between AI applications and Keycloak's powerful identity management capabilities. Whether you're building an AI assistant that needs to manage users, configure clients, or handle complex authorization scenarios, this server provides the tools you need through simple, natural language commands.

Features

🔐 Comprehensive User Management

Manage users lifecycle from creation to deletion, including password resets, session management, and user attribute updates.

🏢 Client Configuration

Create and configure OAuth2/OIDC clients, manage client secrets, and handle service accounts programmatically.

👥 Role-Based Access Control

Define and assign realm and client-specific roles, manage user permissions, and implement fine-grained access control.

🏛️ Realm Administration

Configure realm settings, manage default groups, handle event configurations, and control realm-wide policies.

🔄 Group Management

Organize users into groups, manage group hierarchies, and handle group-based permissions efficiently.

Installation

Installing via Smithery

To install mcp-keycloak for Claude Desktop automatically via Smithery:

npx -y @smithery/cli install mcp-keycloak --client claude

Quick Start

Install using pip:

pip install mcp-keycloak

Development Installation

Clone the repository and install dependencies:

git clone https://github.com/idoyudha/mcp-keycloak.git cd mcp-keycloak pip install -e .

Configuration

The server can be configured using environment variables or a .env file:

# Required configuration SERVER_URL=https://your-keycloak-server.com USERNAME=admin-username PASSWORD=admin-password REALM_NAME=your-realm # Optional OAuth2 client configuration CLIENT_ID=optional-client-id CLIENT_SECRET=optional-client-secret

Tools

The Keycloak MCP Server provides a comprehensive set of tools organized by functionality:

User Management

Complete user lifecycle management including:

  • list_users - List users with pagination and filtering
  • create_user / update_user / delete_user - Full CRUD operations
  • reset_user_password - Password management
  • get_user_sessions / logout_user - Session control
  • count_users - User statistics

Client Management

OAuth2/OIDC client configuration:

  • list_clients / get_client / create_client - Client operations
  • get_client_secret / regenerate_client_secret - Secret management
  • get_client_service_account - Service account access
  • update_client / delete_client - Client modifications

Role Management

Fine-grained permission control:

  • list_realm_roles / create_realm_role - Realm role operations
  • list_client_roles / create_client_role - Client-specific roles
  • assign_realm_role_to_user / remove_realm_role_from_user - Role assignments
  • get_user_realm_roles / assign_client_role_to_user - User role queries

Group Management

Hierarchical user organization:

  • list_groups / create_group / update_group - Group operations
  • get_group_members / add_user_to_group - Membership management
  • get_user_groups / remove_user_from_group - User group associations

Realm Administration

System-wide configuration:

  • get_realm_info / update_realm_settings - Realm configuration
  • get_realm_events_config / update_realm_events_config - Event management
  • add_realm_default_group / remove_realm_default_group - Default settings

Usage

Running the Server

Start the MCP server directly:

python -m src.main

Integration Examples

Claude Desktop
  1. Clone the server:
git clone https://github.com/idoyudha/mcp-keycloak.git
  1. Configure in claude_desktop_config.json:
{ "mcpServers": { "keycloak": { "command": "uv", "args": [ "--directory", "/path/to/mcp-keycloak", "run", "src/main.py" ], "env": { "SERVER_URL": "https://your-keycloak.com", "USERNAME": "admin", "PASSWORD": "admin-password", "REALM_NAME": "your-realm" } } } }
Using uvx
{ "mcpServers": { "keycloak": { "command": "uvx", "args": [ "mcp-keycloak" ], "env": { "SERVER_URL": "https://your-keycloak.com", "USERNAME": "admin", "PASSWORD": "admin-password", "REALM_NAME": "your-realm" } } } }

Example Use Cases

🤖 AI-Powered Identity Management

Build AI assistants that can handle user onboarding, permission management, and access control through natural language commands.

🔄 Automated User Provisioning

Create workflows that automatically provision users, assign roles, and configure client applications based on business rules.

📊 Identity Analytics

Query and analyze user data, session information, and access patterns to gain insights into your identity infrastructure.

🚀 DevOps Integration

Integrate Keycloak management into your CI/CD pipelines, allowing automated configuration of identity services.

Requirements

  • Python 3.8 or higher
  • Keycloak server (tested with Keycloak 18+)
  • Admin access to Keycloak realm

License

This project is licensed under the MIT License - see the LICENSE file for details.

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Support

For issues, questions, or contributions, please visit the GitHub repository.

Related MCP Servers

View all related MCP servers

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/idoyudha/mcp-keycloak'

If you have feedback or need assistance with the MCP directory API, please join our Discord server