mcp-keycloak

update_realm_settings

Modify realm configuration in Keycloak to adjust authentication, security, and user experience settings for identity management.

Instructions

Update realm settings.

Args:
    display_name: Display name for the realm
    display_name_html: HTML display name
    login_theme: Login theme name
    account_theme: Account management theme
    admin_theme: Admin console theme
    email_theme: Email theme
    enabled: Whether realm is enabled
    registration_allowed: Allow user registration
    registration_email_as_username: Use email as username
    reset_password_allowed: Allow password reset
    remember_me: Enable remember me
    verify_email: Require email verification
    login_with_email_allowed: Allow login with email
    duplicate_emails_allowed: Allow duplicate emails
    ssl_required: SSL requirement (none, external, all)
    brute_force_protected: Enable brute force protection
    permanent_lockout: Permanent lockout on max failures
    max_failure_wait_seconds: Max wait after failures
    minimum_quick_login_wait_seconds: Min wait between quick logins
    wait_increment_seconds: Wait increment
    quick_login_check_milli_seconds: Quick login check interval
    max_delta_time_seconds: Max time between failures
    failure_factor: Failure factor
    default_locale: Default locale
    realm: Target realm (uses default if not specified)

Returns:
    Status message

Input Schema

TableJSON Schema

Name	Required	Description	Default
`display_name`	No
`display_name_html`	No
`login_theme`	No
`account_theme`	No
`admin_theme`	No
`email_theme`	No
`enabled`	No
`registration_allowed`	No
`registration_email_as_username`	No
`reset_password_allowed`	No
`remember_me`	No
`verify_email`	No
`login_with_email_allowed`	No
`duplicate_emails_allowed`	No
`ssl_required`	No
`brute_force_protected`	No
`permanent_lockout`	No
`max_failure_wait_seconds`	No
`minimum_quick_login_wait_seconds`	No
`wait_increment_seconds`	No
`quick_login_check_milli_seconds`	No
`max_delta_time_seconds`	No
`failure_factor`	No
`default_locale`	No
`realm`	No

Output Schema

TableJSON Schema

Name	Required	Description	Default
`result`	Yes

Implementation Reference

src/tools/realm_tools.py:35-153 (handler)

The handler function for 'update_realm_settings' tool. Decorated with @mcp.tool() for automatic registration. Fetches current realm settings, updates specified fields, and applies changes via Keycloak PUT request.

@mcp.tool()
async def update_realm_settings(
    display_name: Optional[str] = None,
    display_name_html: Optional[str] = None,
    login_theme: Optional[str] = None,
    account_theme: Optional[str] = None,
    admin_theme: Optional[str] = None,
    email_theme: Optional[str] = None,
    enabled: Optional[bool] = None,
    registration_allowed: Optional[bool] = None,
    registration_email_as_username: Optional[bool] = None,
    reset_password_allowed: Optional[bool] = None,
    remember_me: Optional[bool] = None,
    verify_email: Optional[bool] = None,
    login_with_email_allowed: Optional[bool] = None,
    duplicate_emails_allowed: Optional[bool] = None,
    ssl_required: Optional[str] = None,
    brute_force_protected: Optional[bool] = None,
    permanent_lockout: Optional[bool] = None,
    max_failure_wait_seconds: Optional[int] = None,
    minimum_quick_login_wait_seconds: Optional[int] = None,
    wait_increment_seconds: Optional[int] = None,
    quick_login_check_milli_seconds: Optional[int] = None,
    max_delta_time_seconds: Optional[int] = None,
    failure_factor: Optional[int] = None,
    default_locale: Optional[str] = None,
    realm: Optional[str] = None,
) -> Dict[str, str]:
    """
    Update realm settings.

    Args:
        display_name: Display name for the realm
        display_name_html: HTML display name
        login_theme: Login theme name
        account_theme: Account management theme
        admin_theme: Admin console theme
        email_theme: Email theme
        enabled: Whether realm is enabled
        registration_allowed: Allow user registration
        registration_email_as_username: Use email as username
        reset_password_allowed: Allow password reset
        remember_me: Enable remember me
        verify_email: Require email verification
        login_with_email_allowed: Allow login with email
        duplicate_emails_allowed: Allow duplicate emails
        ssl_required: SSL requirement (none, external, all)
        brute_force_protected: Enable brute force protection
        permanent_lockout: Permanent lockout on max failures
        max_failure_wait_seconds: Max wait after failures
        minimum_quick_login_wait_seconds: Min wait between quick logins
        wait_increment_seconds: Wait increment
        quick_login_check_milli_seconds: Quick login check interval
        max_delta_time_seconds: Max time between failures
        failure_factor: Failure factor
        default_locale: Default locale
        realm: Target realm (uses default if not specified)

    Returns:
        Status message
    """
    # Get current realm data
    current_realm = await client._make_request("GET", "", realm=realm)

    # Update only provided fields
    if display_name is not None:
        current_realm["displayName"] = display_name
    if display_name_html is not None:
        current_realm["displayNameHtml"] = display_name_html
    if login_theme is not None:
        current_realm["loginTheme"] = login_theme
    if account_theme is not None:
        current_realm["accountTheme"] = account_theme
    if admin_theme is not None:
        current_realm["adminTheme"] = admin_theme
    if email_theme is not None:
        current_realm["emailTheme"] = email_theme
    if enabled is not None:
        current_realm["enabled"] = enabled
    if registration_allowed is not None:
        current_realm["registrationAllowed"] = registration_allowed
    if registration_email_as_username is not None:
        current_realm["registrationEmailAsUsername"] = registration_email_as_username
    if reset_password_allowed is not None:
        current_realm["resetPasswordAllowed"] = reset_password_allowed
    if remember_me is not None:
        current_realm["rememberMe"] = remember_me
    if verify_email is not None:
        current_realm["verifyEmail"] = verify_email
    if login_with_email_allowed is not None:
        current_realm["loginWithEmailAllowed"] = login_with_email_allowed
    if duplicate_emails_allowed is not None:
        current_realm["duplicateEmailsAllowed"] = duplicate_emails_allowed
    if ssl_required is not None:
        current_realm["sslRequired"] = ssl_required
    if brute_force_protected is not None:
        current_realm["bruteForceProtected"] = brute_force_protected
    if permanent_lockout is not None:
        current_realm["permanentLockout"] = permanent_lockout
    if max_failure_wait_seconds is not None:
        current_realm["maxFailureWaitSeconds"] = max_failure_wait_seconds
    if minimum_quick_login_wait_seconds is not None:
        current_realm["minimumQuickLoginWaitSeconds"] = minimum_quick_login_wait_seconds
    if wait_increment_seconds is not None:
        current_realm["waitIncrementSeconds"] = wait_increment_seconds
    if quick_login_check_milli_seconds is not None:
        current_realm["quickLoginCheckMilliSeconds"] = quick_login_check_milli_seconds
    if max_delta_time_seconds is not None:
        current_realm["maxDeltaTimeSeconds"] = max_delta_time_seconds
    if failure_factor is not None:
        current_realm["failureFactor"] = failure_factor
    if default_locale is not None:
        current_realm["defaultLocale"] = default_locale

    await client._make_request("PUT", "", data=current_realm, realm=realm)
    return {
        "status": "updated",
        "message": f"Realm {realm if realm else client.realm_name} settings updated successfully",
    }

Tool Definition Quality

B3.2/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It states 'Update realm settings' which implies a mutation, but doesn't specify critical behaviors like required permissions, whether changes are reversible, rate limits, or error handling. The return value is mentioned as 'Status message' but lacks detail on success/failure formats.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness3/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is appropriately structured with sections for 'Args' and 'Returns', but it's lengthy due to listing all parameters. While efficient in conveying necessary information, it could be more front-loaded with a brief summary before the detailed list, and some parameter descriptions are redundant (e.g., repeating parameter names).

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity (25 parameters, no annotations, but has output schema), the description is partially complete. It thoroughly documents parameters and mentions a return value, but lacks behavioral context (e.g., permissions, side effects) and doesn't leverage the output schema to explain return formats. This leaves gaps for a mutation tool of this scale.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters5/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The description adds significant value beyond the input schema, which has 0% description coverage. It provides a comprehensive list of 25 parameters with clear explanations (e.g., 'Display name for the realm', 'Whether realm is enabled'), compensating fully for the schema's lack of descriptions and helping the agent understand each parameter's purpose.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the verb ('Update') and resource ('realm settings'), making the purpose specific and understandable. However, it doesn't differentiate this tool from sibling tools like 'update_realm_events_config' or 'update_realm_role', which also update realm-related configurations.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention prerequisites (e.g., admin permissions), exclusions, or how it differs from other update tools in the sibling list, leaving the agent without contextual usage cues.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/idoyudha/mcp-keycloak'

If you have feedback or need assistance with the MCP directory API, please join our Discord server