Schema | mcp-keycloak-admin

mcp-keycloak-admin

Overview Schema Related Servers Score Discussions

Server Configuration

Describes the environment variables required to run the server.

Name	Required	Description	Default
`AUTH_MODE`	Yes	Authentication mode: service_account or password.
`READ_ONLY`	No	When true, write/destructive tools are not registered. Default: false.	false
`KC_CLIENT_ID`	No	Confidential client id (e.g. mcp-admin). Required if AUTH_MODE is service_account.
`ALLOWED_REALMS`	No	Comma-separated allow-list of realms. Empty = all.
`KC_ADMIN_REALM`	No	Realm holding the admin user (password mode). Default: master.	master
`KEYCLOAK_REALM`	Yes	Realm the server operates on.
`KC_CLIENT_SECRET`	No	Client secret. Required if AUTH_MODE is service_account.
`KC_ADMIN_PASSWORD`	No	Admin password. Required if AUTH_MODE is password.
`KC_ADMIN_USERNAME`	No	Admin username. Required if AUTH_MODE is password.
`KEYCLOAK_BASE_URL`	Yes	Base URL of the Keycloak server (no trailing slash).

Capabilities

Features and capabilities supported by this server

Capability	Details
`tools`	{ "listChanged": true }

Tools

Functions exposed to the LLM to take actions

Name	Description
keycloak_user_searchA	Search realm users by email, username or free text.
keycloak_user_getB	Fetch a single user by id.
keycloak_user_sessions_listC	List a user's active sessions.
keycloak_user_createC	Create a realm user.
keycloak_user_updateC	Update a user's email, name or enabled flag.
keycloak_user_set_enabledC	Enable or disable a user account.
keycloak_user_send_action_emailC	Send a required-actions email (e.g. VERIFY_EMAIL, UPDATE_PASSWORD).
keycloak_user_reset_passwordC	Set a new password for a user. Requires confirmation.
keycloak_user_logoutB	Revoke all of a user's sessions. Requires confirmation.
keycloak_user_deleteB	Permanently delete a user. Requires confirmation; the username must match the target id.
keycloak_role_listB	List the realm roles.
keycloak_user_roles_getB	List the realm roles assigned to a user.
keycloak_user_role_assignB	Grant a realm role to a user.
keycloak_user_role_unassignB	Revoke a realm role from a user. Requires confirmation.
keycloak_client_listA	List the realm clients.
keycloak_client_getB	Fetch a client by its clientId.
keycloak_client_get_secretA	Read a confidential client's secret. Masked unless reveal is true.
keycloak_client_regenerate_secretA	Regenerate a confidential client's secret. Requires confirmation; the old secret stops working.
keycloak_client_scopes_listA	List the realm's client scopes.
keycloak_client_default_scopes_getB	List the default client scopes assigned to a client.
keycloak_client_mappers_listC	List a client's protocol mappers.
keycloak_client_scope_assignC	Add a default client scope to a client.
keycloak_client_scope_unassignC	Remove a default client scope from a client. Requires confirmation.
keycloak_group_listA	List the realm's top-level groups.
keycloak_group_members_listB	List the users that are members of a group.
keycloak_user_groups_listB	List the groups a user belongs to.
keycloak_group_createC	Create a top-level group.
keycloak_group_member_addC	Add a user to a group.
keycloak_group_role_assignA	Grant a realm role to a group (inherited by its members).
keycloak_group_member_removeC	Remove a user from a group. Requires confirmation.
keycloak_group_deleteB	Delete a group. Requires confirmation.
keycloak_idp_listA	List the realm's identity providers.
keycloak_idp_getA	Fetch an identity provider by alias.
keycloak_idp_mappers_listB	List an identity provider's mappers.
keycloak_idp_createB	Create an identity provider. `config` carries provider-specific keys (clientId, clientSecret, authorizationUrl, …).
keycloak_idp_deleteB	Delete an identity provider. Requires confirmation.
keycloak_federation_listA	List the realm's user federation (LDAP/Kerberos) providers.
keycloak_federation_getA	Fetch a user federation provider by id.
keycloak_federation_syncB	Trigger a user sync from a federation provider (full or changed).
keycloak_auth_flows_listA	List the realm's authentication flows.
keycloak_auth_required_actions_listA	List the realm's required actions.
keycloak_auth_required_action_set_enabledB	Enable or disable a realm required action by alias.
keycloak_authz_resources_listC	List a client's authorization-services resources.
keycloak_authz_policies_listB	List a client's authorization-services policies.
keycloak_authz_permissions_listB	List a client's authorization-services permissions.
keycloak_events_loginC	Read recent login events, optionally filtered.
keycloak_events_adminC	Read recent admin events.
keycloak_realm_get_configA	Read key realm configuration flags.
keycloak_server_infoA	Read the Keycloak server version and profile.

Prompts

Interactive templates invoked by user choice

Name	Description
No prompts

Resources

Contextual data attached and managed by the client

Name	Description
No resources

Server Configuration
Capabilities
Tools
Prompts
Resources

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/mrz1880/mcp-keycloak-admin'

If you have feedback or need assistance with the MCP directory API, please join our Discord server