update_realm_settings

Modify realm configuration in Keycloak to adjust authentication, security, and user experience settings for identity management.

Instructions

Update realm settings.

Args:
    display_name: Display name for the realm
    display_name_html: HTML display name
    login_theme: Login theme name
    account_theme: Account management theme
    admin_theme: Admin console theme
    email_theme: Email theme
    enabled: Whether realm is enabled
    registration_allowed: Allow user registration
    registration_email_as_username: Use email as username
    reset_password_allowed: Allow password reset
    remember_me: Enable remember me
    verify_email: Require email verification
    login_with_email_allowed: Allow login with email
    duplicate_emails_allowed: Allow duplicate emails
    ssl_required: SSL requirement (none, external, all)
    brute_force_protected: Enable brute force protection
    permanent_lockout: Permanent lockout on max failures
    max_failure_wait_seconds: Max wait after failures
    minimum_quick_login_wait_seconds: Min wait between quick logins
    wait_increment_seconds: Wait increment
    quick_login_check_milli_seconds: Quick login check interval
    max_delta_time_seconds: Max time between failures
    failure_factor: Failure factor
    default_locale: Default locale
    realm: Target realm (uses default if not specified)

Returns:
    Status message

Input Schema

TableJSON Schema

Name	Required	Description	Default
`display_name`	No
`display_name_html`	No
`login_theme`	No
`account_theme`	No
`admin_theme`	No
`email_theme`	No
`enabled`	No
`registration_allowed`	No
`registration_email_as_username`	No
`reset_password_allowed`	No
`remember_me`	No
`verify_email`	No
`login_with_email_allowed`	No
`duplicate_emails_allowed`	No
`ssl_required`	No
`brute_force_protected`	No
`permanent_lockout`	No
`max_failure_wait_seconds`	No
`minimum_quick_login_wait_seconds`	No
`wait_increment_seconds`	No
`quick_login_check_milli_seconds`	No
`max_delta_time_seconds`	No
`failure_factor`	No
`default_locale`	No
`realm`	No

Implementation Reference

src/tools/realm_tools.py:35-153 (handler)

The handler function for 'update_realm_settings' tool. Decorated with @mcp.tool() for automatic registration. Fetches current realm settings, updates specified fields, and applies changes via Keycloak PUT request.

@mcp.tool()
async def update_realm_settings(
    display_name: Optional[str] = None,
    display_name_html: Optional[str] = None,
    login_theme: Optional[str] = None,
    account_theme: Optional[str] = None,
    admin_theme: Optional[str] = None,
    email_theme: Optional[str] = None,
    enabled: Optional[bool] = None,
    registration_allowed: Optional[bool] = None,
    registration_email_as_username: Optional[bool] = None,
    reset_password_allowed: Optional[bool] = None,
    remember_me: Optional[bool] = None,
    verify_email: Optional[bool] = None,
    login_with_email_allowed: Optional[bool] = None,
    duplicate_emails_allowed: Optional[bool] = None,
    ssl_required: Optional[str] = None,
    brute_force_protected: Optional[bool] = None,
    permanent_lockout: Optional[bool] = None,
    max_failure_wait_seconds: Optional[int] = None,
    minimum_quick_login_wait_seconds: Optional[int] = None,
    wait_increment_seconds: Optional[int] = None,
    quick_login_check_milli_seconds: Optional[int] = None,
    max_delta_time_seconds: Optional[int] = None,
    failure_factor: Optional[int] = None,
    default_locale: Optional[str] = None,
    realm: Optional[str] = None,
) -> Dict[str, str]:
    """
    Update realm settings.

    Args:
        display_name: Display name for the realm
        display_name_html: HTML display name
        login_theme: Login theme name
        account_theme: Account management theme
        admin_theme: Admin console theme
        email_theme: Email theme
        enabled: Whether realm is enabled
        registration_allowed: Allow user registration
        registration_email_as_username: Use email as username
        reset_password_allowed: Allow password reset
        remember_me: Enable remember me
        verify_email: Require email verification
        login_with_email_allowed: Allow login with email
        duplicate_emails_allowed: Allow duplicate emails
        ssl_required: SSL requirement (none, external, all)
        brute_force_protected: Enable brute force protection
        permanent_lockout: Permanent lockout on max failures
        max_failure_wait_seconds: Max wait after failures
        minimum_quick_login_wait_seconds: Min wait between quick logins
        wait_increment_seconds: Wait increment
        quick_login_check_milli_seconds: Quick login check interval
        max_delta_time_seconds: Max time between failures
        failure_factor: Failure factor
        default_locale: Default locale
        realm: Target realm (uses default if not specified)

    Returns:
        Status message
    """
    # Get current realm data
    current_realm = await client._make_request("GET", "", realm=realm)

    # Update only provided fields
    if display_name is not None:
        current_realm["displayName"] = display_name
    if display_name_html is not None:
        current_realm["displayNameHtml"] = display_name_html
    if login_theme is not None:
        current_realm["loginTheme"] = login_theme
    if account_theme is not None:
        current_realm["accountTheme"] = account_theme
    if admin_theme is not None:
        current_realm["adminTheme"] = admin_theme
    if email_theme is not None:
        current_realm["emailTheme"] = email_theme
    if enabled is not None:
        current_realm["enabled"] = enabled
    if registration_allowed is not None:
        current_realm["registrationAllowed"] = registration_allowed
    if registration_email_as_username is not None:
        current_realm["registrationEmailAsUsername"] = registration_email_as_username
    if reset_password_allowed is not None:
        current_realm["resetPasswordAllowed"] = reset_password_allowed
    if remember_me is not None:
        current_realm["rememberMe"] = remember_me
    if verify_email is not None:
        current_realm["verifyEmail"] = verify_email
    if login_with_email_allowed is not None:
        current_realm["loginWithEmailAllowed"] = login_with_email_allowed
    if duplicate_emails_allowed is not None:
        current_realm["duplicateEmailsAllowed"] = duplicate_emails_allowed
    if ssl_required is not None:
        current_realm["sslRequired"] = ssl_required
    if brute_force_protected is not None:
        current_realm["bruteForceProtected"] = brute_force_protected
    if permanent_lockout is not None:
        current_realm["permanentLockout"] = permanent_lockout
    if max_failure_wait_seconds is not None:
        current_realm["maxFailureWaitSeconds"] = max_failure_wait_seconds
    if minimum_quick_login_wait_seconds is not None:
        current_realm["minimumQuickLoginWaitSeconds"] = minimum_quick_login_wait_seconds
    if wait_increment_seconds is not None:
        current_realm["waitIncrementSeconds"] = wait_increment_seconds
    if quick_login_check_milli_seconds is not None:
        current_realm["quickLoginCheckMilliSeconds"] = quick_login_check_milli_seconds
    if max_delta_time_seconds is not None:
        current_realm["maxDeltaTimeSeconds"] = max_delta_time_seconds
    if failure_factor is not None:
        current_realm["failureFactor"] = failure_factor
    if default_locale is not None:
        current_realm["defaultLocale"] = default_locale

    await client._make_request("PUT", "", data=current_realm, realm=realm)
    return {
        "status": "updated",
        "message": f"Realm {realm if realm else client.realm_name} settings updated successfully",
    }

mcp-keycloak

update_realm_settings

Instructions

Input Schema

Implementation Reference

Other Tools

Latest Blog Posts

MCP directory API