Server Configuration
Describes the environment variables required to run the server.
Name | Required | Description | Default |
---|---|---|---|
PASSWORD | Yes | Admin password for Keycloak | |
USERNAME | Yes | Admin username for Keycloak | |
CLIENT_ID | No | Optional OAuth2 client ID | |
REALM_NAME | Yes | The Keycloak realm name to manage | |
SERVER_URL | Yes | The URL of your Keycloak server | |
CLIENT_SECRET | No | Optional OAuth2 client secret | |
Schema
Prompts
Interactive templates invoked by user choice
Name | Description |
---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
Name | Description |
---|---|
No resources | |
Tools
Functions exposed to the LLM to take actions
Name | Description |
---|---|
list_users | List users in the realm.
Args:
first: Pagination offset
max: Maximum results size (defaults to 100)
search: Search string for username, first/last name, or email
username: Username filter
email: Email filter
enabled: Filter by enabled/disabled users
realm: Target realm (uses default if not specified)
Returns:
List of user objects |
get_user | Get a specific user by ID.
Args:
user_id: The user's ID
realm: Target realm (uses default if not specified)
Returns:
User object |
create_user | Create a new user.
Args:
username: Username for the new user
email: Email address
first_name: First name
last_name: Last name
enabled: Whether the user is enabled
email_verified: Whether the email is verified
temporary_password: Initial password (user will be required to change it)
attributes: Additional user attributes
realm: Target realm (uses default if not specified)
Returns:
Dict with status and location of created user |
update_user | Update an existing user.
Args:
user_id: The user's ID
username: New username
email: New email address
first_name: New first name
last_name: New last name
enabled: Whether the user is enabled
email_verified: Whether the email is verified
attributes: Updated user attributes
realm: Target realm (uses default if not specified)
Returns:
Status message |
delete_user | Delete a user.
Args:
user_id: The user's ID
realm: Target realm (uses default if not specified)
Returns:
Status message |
reset_user_password | Reset a user's password.
Args:
user_id: The user's ID
password: New password
temporary: Whether the password is temporary (user must change on next login)
realm: Target realm (uses default if not specified)
Returns:
Status message |
get_user_sessions | Get active sessions for a user.
Args:
user_id: The user's ID
realm: Target realm (uses default if not specified)
Returns:
List of active sessions |
logout_user | Log out all sessions for a user.
Args:
user_id: The user's ID
realm: Target realm (uses default if not specified)
Returns:
Status message |
count_users | Count all users.
Args:
realm: Target realm (uses default if not specified)
Returns:
Number of users |
list_clients | List clients in the realm.
Args:
client_id: Filter by client ID (partial match)
viewable_only: Only return viewable clients
first: Pagination offset
max: Maximum results size
realm: Target realm (uses default if not specified)
Returns:
List of client objects |
get_client | Get a specific client by database ID.
Args:
id: The client's database ID (not client_id)
realm: Target realm (uses default if not specified)
Returns:
Client object |
get_client_by_clientid | Get a specific client by client ID.
Args:
client_id: The client's client_id
realm: Target realm (uses default if not specified)
Returns:
Client object |
create_client | Create a new client.
Args:
client_id: Client ID (unique identifier)
name: Display name
description: Client description
enabled: Whether the client is enabled
always_display_in_console: Always display in account console
root_url: Root URL for relative URLs
redirect_uris: Valid redirect URIs
web_origins: Allowed CORS origins
protocol: Protocol (openid-connect or saml)
public_client: Public client (no secret)
bearer_only: Bearer-only client
service_accounts_enabled: Enable service accounts
authorization_services_enabled: Enable authorization services
direct_access_grants_enabled: Enable direct access grants (password flow)
implicit_flow_enabled: Enable implicit flow
standard_flow_enabled: Enable standard flow (authorization code)
realm: Target realm (uses default if not specified)
Returns:
Status message |
update_client | Update an existing client.
Args:
id: The client's database ID
client_id: New client ID
name: New display name
description: New description
enabled: Whether the client is enabled
redirect_uris: New redirect URIs
web_origins: New CORS origins
public_client: Whether client is public
service_accounts_enabled: Enable service accounts
direct_access_grants_enabled: Enable direct access grants
realm: Target realm (uses default if not specified)
Returns:
Status message |
delete_client | Delete a client.
Args:
id: The client's database ID
realm: Target realm (uses default if not specified)
Returns:
Status message |
get_client_secret | Get the client secret.
Args:
id: The client's database ID
realm: Target realm (uses default if not specified)
Returns:
Client secret object |
regenerate_client_secret | Regenerate the client secret.
Args:
id: The client's database ID
realm: Target realm (uses default if not specified)
Returns:
New client secret object |
get_client_service_account | Get service account user for a client.
Args:
id: The client's database ID
realm: Target realm (uses default if not specified)
Returns:
Service account user object |
get_accessible_realms | Get accessible realms.
Returns:
List of accessible realms |
get_realm_info | Get information about the current realm.
Args:
realm: Target realm (uses default if not specified)
Returns:
Realm configuration object |
update_realm_settings | Update realm settings.
Args:
display_name: Display name for the realm
display_name_html: HTML display name
login_theme: Login theme name
account_theme: Account management theme
admin_theme: Admin console theme
email_theme: Email theme
enabled: Whether realm is enabled
registration_allowed: Allow user registration
registration_email_as_username: Use email as username
reset_password_allowed: Allow password reset
remember_me: Enable remember me
verify_email: Require email verification
login_with_email_allowed: Allow login with email
duplicate_emails_allowed: Allow duplicate emails
ssl_required: SSL requirement (none, external, all)
brute_force_protected: Enable brute force protection
permanent_lockout: Permanent lockout on max failures
max_failure_wait_seconds: Max wait after failures
minimum_quick_login_wait_seconds: Min wait between quick logins
wait_increment_seconds: Wait increment
quick_login_check_milli_seconds: Quick login check interval
max_delta_time_seconds: Max time between failures
failure_factor: Failure factor
default_locale: Default locale
realm: Target realm (uses default if not specified)
Returns:
Status message |
get_realm_events_config | Get realm events configuration.
Args:
realm: Target realm (uses default if not specified)
Returns:
Events configuration object |
update_realm_events_config | Update realm events configuration.
Args:
events_enabled: Enable events
events_listeners: Event listener implementations
enabled_event_types: Types of events to record
admin_events_enabled: Enable admin events
admin_events_details_enabled: Include details in admin events
realm: Target realm (uses default if not specified)
Returns:
Status message |
get_realm_default_groups | Get default groups for the realm.
Args:
realm: Target realm (uses default if not specified)
Returns:
List of default groups |
add_realm_default_group | Add a default group to the realm.
Args:
group_id: Group ID to add as default
realm: Target realm (uses default if not specified)
Returns:
Status message |
remove_realm_default_group | Remove a default group from the realm.
Args:
group_id: Group ID to remove from defaults
realm: Target realm (uses default if not specified)
Returns:
Status message |
remove_all_user_sessions | Remove all sessions for all users in the realm.
Args:
realm: Target realm (uses default if not specified)
Returns:
Status message |
list_realm_roles | List all realm roles.
Args:
first: Pagination offset
max: Maximum results size
search: Search string
realm: Target realm (uses default if not specified)
Returns:
List of realm roles |
get_realm_role | Get a specific realm role by name.
Args:
role_name: Role name
realm: Target realm (uses default if not specified)
Returns:
Role object |
create_realm_role | Create a new realm role.
Args:
name: Role name
description: Role description
composite: Whether this is a composite role
client_role: Whether this is a client role
realm: Target realm (uses default if not specified)
Returns:
Status message |
update_realm_role | Update a realm role.
Args:
role_name: Current role name
description: New description
composite: Whether this is a composite role
realm: Target realm (uses default if not specified)
Returns:
Status message |
delete_realm_role | Delete a realm role.
Args:
role_name: Role name to delete
realm: Target realm (uses default if not specified)
Returns:
Status message |
list_client_roles | List roles for a specific client.
Args:
client_id: Client database ID
first: Pagination offset
max: Maximum results size
search: Search string
realm: Target realm (uses default if not specified)
Returns:
List of client roles |
create_client_role | Create a new client role.
Args:
client_id: Client database ID
name: Role name
description: Role description
composite: Whether this is a composite role
realm: Target realm (uses default if not specified)
Returns:
Status message |
assign_realm_role_to_user | Assign realm roles to a user.
Args:
user_id: User ID
role_names: List of role names to assign
realm: Target realm (uses default if not specified)
Returns:
Status message |
remove_realm_role_from_user | Remove realm roles from a user.
Args:
user_id: User ID
role_names: List of role names to remove
realm: Target realm (uses default if not specified)
Returns:
Status message |
get_user_realm_roles | Get realm roles for a user.
Args:
user_id: User ID
effective: Get effective roles (including composite roles)
realm: Target realm (uses default if not specified)
Returns:
List of realm roles |
assign_client_role_to_user | Assign client roles to a user.
Args:
user_id: User ID
client_id: Client database ID
role_names: List of role names to assign
realm: Target realm (uses default if not specified)
Returns:
Status message |
list_groups | List all groups in the realm.
Args:
first: Pagination offset
max: Maximum results size
search: Search string
realm: Target realm (uses default if not specified)
Returns:
List of groups |
get_group | Get a specific group by ID.
Args:
group_id: Group ID
realm: Target realm (uses default if not specified)
Returns:
Group object |
create_group | Create a new group.
Args:
name: Group name
path: Group path
attributes: Group attributes
realm: Target realm (uses default if not specified)
Returns:
Status message |
update_group | Update a group.
Args:
group_id: Group ID
name: New group name
path: New group path
attributes: New group attributes
realm: Target realm (uses default if not specified)
Returns:
Status message |
delete_group | Delete a group.
Args:
group_id: Group ID
realm: Target realm (uses default if not specified)
Returns:
Status message |
get_group_members | Get members of a group.
Args:
group_id: Group ID
first: Pagination offset
max: Maximum results size
realm: Target realm (uses default if not specified)
Returns:
List of group members |
add_user_to_group | Add a user to a group.
Args:
user_id: User ID
group_id: Group ID
realm: Target realm (uses default if not specified)
Returns:
Status message |
remove_user_from_group | Remove a user from a group.
Args:
user_id: User ID
group_id: Group ID
realm: Target realm (uses default if not specified)
Returns:
Status message |
get_user_groups | Get all groups for a user.
Args:
user_id: User ID
realm: Target realm (uses default if not specified)
Returns:
List of groups the user belongs to |