Advanced Keycloak MCP server

by Octodet

Overview Schema Related Servers Score Discussions

JavaScript

Remote

list-roles

Retrieve all roles for a specific client within a Keycloak realm to manage access control and permissions.

Instructions

List all roles of a specific client in a specific realm

Input Schema

TableJSON Schema

Name	Required	Description	Default
`realm`	Yes	Realm name
`clientId`	Yes	Client ID

Implementation Reference

src/index.ts:157-194 (handler)

Core handler function in KeycloakService that authenticates, locates the client, fetches and returns its roles.

async listRoles(realm: string, clientId: string) {
  await this.authenticate();
  this.client.setConfig({ realmName: realm });

  // Find the client by clientId (can be id or clientId string)
  let client = null;
  try {
    client = await this.client.clients.findOne({ realm, id: clientId });
  } catch {}
  
  if (!client) {
    const clients = await this.client.clients.find({ realm });
    client = clients.find(
      (c) => c.clientId === clientId || c.id === clientId
    );
  }
  
  if (!client) {
    throw new McpError(
      ErrorCode.InvalidRequest,
      `Client '${clientId}' not found in realm '${realm}'.`
    );
  }
  
  if (!client.id || typeof client.id !== "string") {
    throw new McpError(
      ErrorCode.InvalidRequest,
      `Client found but has no valid id property.`
    );
  }

  const roles = await this.client.clients.listRoles({
    realm,
    id: client.id,
  });

  return { client, roles };
}

src/index.ts:397-408 (registration)

Registers the 'list-roles' tool with MCP server including name, description, and JSON input schema.

{
  name: "list-roles",
  description: "List all roles of a specific client in a specific realm",
  inputSchema: {
    type: "object",
    properties: {
      realm: { type: "string", description: "Realm name" },
      clientId: { type: "string", description: "Client ID" },
    },
    required: ["realm", "clientId"],
  },
},

src/index.ts:552-565 (handler)

MCP tool call handler case that validates arguments, invokes service handler, and formats text response.

case "list-roles": {
  const { realm, clientId } = ListRolesSchema.parse(args);
  const { client, roles } = await keycloakService.listRoles(realm, clientId);
  return {
    content: [
      {
        type: "text",
        text: `Roles for client '${client.clientId}' in realm '${realm}':\n${roles
          .map((r) => `- ${r.name}`)
          .join("\n")}`,
      },
    ],
  };
}

src/index.ts:471-474 (schema)
Zod schema for input validation of list-roles tool parameters.
```
const ListRolesSchema = z.object({
  realm: z.string(),
  clientId: z.string(),
});
```

Install Server

Other Tools

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Octodet/keycloak-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server