Skip to main content
Glama
mrz1880

mcp-keycloak-admin

Create client

keycloak_client_create

Create a new OAuth/OIDC client in a Keycloak realm. Provide a unique clientId and optional settings like enabled, public client, redirect URIs, and web origins.

Instructions

Create a new OAuth/OIDC client in the configured realm. This is a write operation and is not idempotent: calling it again with the same clientId creates a conflict rather than reusing the existing client. Use keycloak_client_list or keycloak_client_get first to verify the clientId is not already taken, and keycloak_client_update to modify an existing client. Returns a confirmation message naming the created client.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
enabledNoWhether the client is enabled. Defaults to true; the client is created disabled only when this is explicitly set to false.
clientIdYesThe clientId to assign to the new client (the human-readable OAuth/OIDC identifier, e.g. "my-app"). Required and must be unique within the realm.
webOriginsNoAllowed CORS web origins as a list of strings (e.g. ["https://app.example.com"]). Use "+" to allow all registered redirect URI origins, or "*" to allow any. Optional; defaults to an empty list when omitted.
publicClientNoWhether the client is public (no client secret, e.g. SPA or mobile app). Defaults to false, creating a confidential client; set to true for a public client.
redirectUrisNoAllowed OAuth redirect/callback URIs as a list of strings (e.g. ["https://app.example.com/callback"]). Optional; defaults to an empty list when omitted.
Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations already indicate readOnlyHint=false, idempotentHint=false, destructiveHint=false. The description adds value by explicitly stating it is a write operation, not idempotent, and will cause a conflict on duplicate rather than updating. It also mentions the return value (confirmation message). No contradictions.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Three concise sentences with no wasted words. The first sentence clearly states the tool's purpose, the second explains non-idempotency, and the third provides usage alternatives. Front-loaded and efficient.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the full schema coverage, clear annotations, and no output schema, the description covers all necessary behavioral context: creation, non-idempotency, conflict behavior, return value, and relationship to sibling tools. No gaps identified.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, and the description does not add new meaning beyond what is already in the input schema. It does not repeat parameter details but also does not compensate for any gaps, so baseline 3 is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states it creates a new OAuth/OIDC client in the configured realm. It uses a specific verb ('create') and resource ('client'), and differentiates from sibling tools like keycloak_client_list and keycloak_client_update by mentioning their respective roles.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly advises to verify clientId uniqueness using keycloak_client_list or keycloak_client_get before creation, and to use keycloak_client_update for modifications. Also notes the operation is not idempotent and will cause a conflict on duplicate, providing clear when-to-use and when-not-to-use guidance.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/mrz1880/mcp-keycloak-admin'

If you have feedback or need assistance with the MCP directory API, please join our Discord server