mcp-keycloak
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@mcp-keycloakadd 10 and 20"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MCP Keycloak Resource Server (mcp-keycloak)
This project implements a Model Context Protocol (MCP) protected Resource Server secured by an OAuth 2.0 Authorization Server (Keycloak) using Token Introspection (RFC 7662).
The server is built with the Python mcp SDK using the FastMCP framework, showcasing how to restrict access to MCP tools by requiring a valid Bearer token.
Architecture Overview
+--------------------+ 1. Request Token +--------------------+
| | ------------------------------> | |
| MCP Client | | Keycloak |
| (e.g., test_client)| <------------------------------ | (Auth Server, :8080)
| | 2. Access Token +--------------------+
+--------------------+ ^
| |
| 3. Call Tool (with Bearer Token) |
v | 4. Introspect
+--------------------+ | Token
| MCP Server | ------------------------------------------+
| (Resource, :3000) | <------------------------------------------
+--------------------+ 5. Active: True/FalseKeycloak (Authorization Server): Serves on port
8080. It handles client credential grants and token introspection. A pre-configured database is included in the project directory (keycloak_data/) to make spin-up seamless.MCP Resource Server (Resource Server): Built with
FastMCP, running on port3000. When a client calls a protected tool, the server intercepts the request and validates theAuthorization: Bearer <token>header against Keycloak's introspection endpoint.Token Verifier (
IntrospectionTokenVerifier): Implements standard OAuth 2.0 token introspection (RFC 7662). It validates token activity, resource/audience restrictions (aud), scope limits, and expiration times.
Related MCP server: enterprise-auth-mcp-server
Prerequisites
Python: Version
3.12or higher (compatible withuv)Docker & Docker Compose: To run Keycloak
Pre-Configured Keycloak Clients
The embedded Keycloak database is pre-configured with three OAuth 2.0 clients within the master realm. The full, exact JSON configuration of these clients is exported and available in the keycloak_config.json file.
These clients use the Client Credentials Grant flow (via Service Accounts) and are configured with specific client secrets, scopes, and audience mappers:
1. mcp-client (Primary Testing Client)
Client ID:
mcp-clientClient Secret:
64gq3p8y3siZKZoKH6X9Bq2oqIPfukBZYMnmyCVCJw1QgjfNzdympB0eaZ1aXtFl0yNUWzGr3S7Gov3gR4kLfeAuthentication Flow: Client Credentials (Service Account enabled)
Assigned Scopes:
mcp:toolsAudience Mappers:
mcp-serverhttp://localhost:3000(derived resource server URL)
2. mcp-client-2 (Alternative Testing Client)
Client ID:
mcp-client-2Client Secret:
FebOB24OaG3F4J9dMZPoZ7qhzQvUKQ5HgJ6IbQ6yXQBd5tg88f8tPSEA0aUGK9AuEebxHRBwsPdLuDjQpiLFhRAuthentication Flow: Client Credentials (Service Account enabled)
Assigned Scopes:
mcp:toolsAudience Mappers:
mcp-serverhttp://localhost:3000
3. mcp-server (Resource Server Introspection)
Client ID:
mcp-serverClient Secret:
5XflSzJJrvQD8iNz4t7RMI4i9rNvdnLQs5PSo8EMGkfUDKr02SjaPs4fKA9kWNO1G06nhDzTHMeHrnz9H4h5utAuthentication Flow: Client Credentials (Service Account enabled) — used by the Resource Server to authenticate introspection requests.
Assigned Scopes:
mcp:toolsAudience Mappers:
mcp-serverhttp://localhost:3000
Installation & Setup
1. Start Keycloak
Run the Keycloak container in development mode using the provided docker-compose.yml:
docker compose up -dKeycloak starts on http://127.0.0.1:8080. Admin credentials are:
Username:
adminPassword:
admin
Note: The container mounts ./keycloak_data, preserving the pre-configured realm, clients (mcp-server, mcp-client, and mcp-client-2), and settings.
2. Install Project Dependencies
If you are using uv:
uv syncAlternatively, standard pip can be used:
pip install -e .Running the Server
Start the MCP Resource Server:
uv run main.pyBy default, the server starts on http://localhost:3000 using the streamable-http transport (supporting Streamable HTTP MCP communication).
Server Configuration
Configuration options can be customized via environment variables defined in config.py:
Environment Variable | Default Value | Description |
|
| MCP Server hostname |
|
| MCP Server port |
|
| Keycloak server host |
|
| Keycloak server port |
|
| Keycloak Realm to use |
|
| Client ID the Resource Server uses for Introspection |
|
| Client Secret for Introspection client |
|
| Scope required to invoke the MCP tools |
|
| Enable strict OAuth validations |
|
| MCP Transport protocol ( |
Secure MCP Tools Provided
The server registers two secure arithmetic tools:
add_numbersArguments:
a: float,b: floatOperation: Adds two numbers together.
Output: Returns JSON containing parameters, sum result, and timestamp.
multiply_numbersArguments:
x: float,y: floatOperation: Multiplies two numbers.
Output: Returns JSON containing parameters, product result, and timestamp.
Testing with the Test Client
A CLI-based test client (test_client.py) is included to simulate MCP client interactions.
1. View Help Options
To see all available CLI flags:
uv run test_client.py --help2. Automatically Fetch Token & List Secure Tools
To retrieve a client token via Keycloak's client credentials flow (using client credentials configured for mcp-client) and list the available tools on the MCP server:
uv run test_client.py --fetch-tokenTo use the alternative mcp-client-2 client, specify the client credentials flags:
uv run test_client.py --fetch-token --client-id mcp-client-2 --client-secret FebOB24OaG3F4J9dMZPoZ7qhzQvUKQ5HgJ6IbQ6yXQBd5tg88f8tPSEA0aUGK9AuEebxHRBwsPdLuDjQpiLFhR3. Call a Protected Tool
To execute a secure tool using an automatically fetched token:
Addition Example:
uv run test_client.py --fetch-token --call add_numbers --args '{"a": 15.5, "b": 24.5}'Multiplication Example:
uv run test_client.py --fetch-token --call multiply_numbers --args '{"x": 6.0, "y": 7.0}'Technical Details
Token Validation Rules (token_verifier.py)
When an incoming MCP request is received, IntrospectionTokenVerifier.verify_token(token) validates:
HTTP status: The introspection request successfully responds with an HTTP
200status.Activity: The response JSON includes
"active": true.Audience (
aud): The audience claim matches the resource server URL (derived dynamically, e.g.,http://localhost:3000/).Scopes: Validated to ensure the client has the required
mcp:toolsscope.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/ndigrazia/mcp-keycloak'
If you have feedback or need assistance with the MCP directory API, please join our Discord server