The Keycloak MCP Server designed for agentic applications to manage and search data in Keycloak efficiently
- • Basic MCP protocol features implemented (14/40)
- • Room for improvement in GitHub community
- • Optimal dependency management (20/20)
- • Full deployment maturity (10/10)
- • Documentation (8/8)
- • Archestra MCP Trust score badge is missing
{
"mcpServers": {
"mcp-keycloak": {
"command": "uvx",
"args": [
"mcp-keycloak"
],
"env": {
"SERVER_URL": "https://your-keycloak.com",
"USERNAME": "admin",
"PASSWORD": "admin-password",
"REALM_NAME": "your-realm"
}
},
"mcp-keycloak-local": {
"command": "uv",
"args": [
"--directory",
"/path/to/mcp-keycloak",
"run",
"python",
"-m",
"src"
],
"env": {
"SERVER_URL": "https://your-keycloak.com",
"USERNAME": "admin",
"PASSWORD": "admin-password",
"REALM_NAME": "your-realm"
}
},
"mcp-keycloak-direct": {
"command": "python",
"args": [
"-m",
"src.main"
],
"env": {}
}
}
}Keycloak MCP Server
A Model Context Protocol (MCP) server that provides a natural language interface for managing Keycloak identity and access management through its REST API. This server enables AI agents to perform user management, client configuration, realm administration, and role-based access control operations seamlessly.
Overview
The Keycloak MCP Server bridges the gap between AI applications and Keycloak's powerful identity management capabilities. Whether you're building an AI assistant that needs to manage users, configure clients, or handle complex authorization scenarios, this server provides the tools you need through simple, natural language commands.
Features
🔐 Comprehensive User Management
Manage users lifecycle from creation to deletion, including password resets, session management, and user attribute updates.
🏢 Client Configuration
Create and configure OAuth2/OIDC clients, manage client secrets, and handle service accounts programmatically.
👥 Role-Based Access Control
Define and assign realm and client-specific roles, manage user permissions, and implement fine-grained access control.
🏛️ Realm Administration
Configure realm settings, manage default groups, handle event configurations, and control realm-wide policies.
🔄 Group Management
Organize users into groups, manage group hierarchies, and handle group-based permissions efficiently.
Installation
Installing via Smithery
To install mcp-keycloak for Claude Desktop automatically via Smithery:
npx -y @smithery/cli install mcp-keycloak --client claude
Quick Start
Install using pip:
pip install mcp-keycloak
Development Installation
Clone the repository and install dependencies:
git clone https://github.com/idoyudha/mcp-keycloak.git
cd mcp-keycloak
pip install -e .
Configuration
The server can be configured using environment variables or a .env file:
# Required configuration
SERVER_URL=https://your-keycloak-server.com
USERNAME=admin-username
PASSWORD=admin-password
REALM_NAME=your-realm
# Optional OAuth2 client configuration
CLIENT_ID=optional-client-id
CLIENT_SECRET=optional-client-secret
Tools
The Keycloak MCP Server provides a comprehensive set of tools organized by functionality:
User Management
Complete user lifecycle management including:
list_users- List users with pagination and filteringcreate_user/update_user/delete_user- Full CRUD operationsreset_user_password- Password managementget_user_sessions/logout_user- Session controlcount_users- User statistics
Client Management
OAuth2/OIDC client configuration:
list_clients/get_client/create_client- Client operationsget_client_secret/regenerate_client_secret- Secret managementget_client_service_account- Service account accessupdate_client/delete_client- Client modifications
Role Management
Fine-grained permission control:
list_realm_roles/create_realm_role- Realm role operationslist_client_roles/create_client_role- Client-specific rolesassign_realm_role_to_user/remove_realm_role_from_user- Role assignmentsget_user_realm_roles/assign_client_role_to_user- User role queries
Group Management
Hierarchical user organization:
list_groups/create_group/update_group- Group operationsget_group_members/add_user_to_group- Membership managementget_user_groups/remove_user_from_group- User group associations
Realm Administration
System-wide configuration:
get_accessible_realms- List of accessible realmsget_realm_info/update_realm_settings- Realm configurationget_realm_events_config/update_realm_events_config- Event managementadd_realm_default_group/remove_realm_default_group- Default settings
Usage
Running the Server
Start the MCP server directly:
python -m src.main
Integration Examples
Prerequisites
Before integrating the Keycloak MCP Server, ensure you have one of the following installed:
- uvx (recommended): Install via
pip install uvxorpipx install uvx - uv: Follow installation instructions
- npm/npx: For Smithery installation (comes with Node.js)
Option 1: Using Smithery CLI (Recommended)
The easiest way - automatically configures everything for Claude Desktop:
npx @smithery/cli install @idoyudha/mcp-keycloak --client claude
This command will prompt you for the required configuration values and set up the server automatically.
Option 2: Using uvx (Manual Setup)
No cloning required! Add to your claude_desktop_config.json:
{
"mcpServers": {
"keycloak": {
"command": "uvx",
"args": ["mcp-keycloak"],
"env": {
"SERVER_URL": "https://your-keycloak.com",
"USERNAME": "admin",
"PASSWORD": "admin-password",
"REALM_NAME": "your-realm"
}
}
}
}
Option 3: Local Development Setup
For development or customization:
- Clone the repository:
git clone https://github.com/idoyudha/mcp-keycloak.git
cd mcp-keycloak
- Add to your
claude_desktop_config.json:
{
"mcpServers": {
"keycloak": {
"command": "uv",
"args": [
"--directory",
"/path/to/mcp-keycloak",
"run",
"python",
"-m",
"src"
],
"env": {
"SERVER_URL": "https://your-keycloak.com",
"USERNAME": "admin",
"PASSWORD": "admin-password",
"REALM_NAME": "your-realm"
}
}
}
}
💡 Quick Tips:
- Replace
/path/to/mcp-keycloakwith the actual path where you cloned the repository - Ensure your Keycloak server URL includes the protocol (
https://orhttp://) - The
REALM_NAMEshould match an existing realm in your Keycloak instance
Example Use Cases
🤖 AI-Powered Identity Management
Build AI assistants that can handle user onboarding, permission management, and access control through natural language commands.
🔄 Automated User Provisioning
Create workflows that automatically provision users, assign roles, and configure client applications based on business rules.
📊 Identity Analytics
Query and analyze user data, session information, and access patterns to gain insights into your identity infrastructure.
🚀 DevOps Integration
Integrate Keycloak management into your CI/CD pipelines, allowing automated configuration of identity services.
Requirements
- Python 3.8 or higher
- Keycloak server (tested with Keycloak 18+)
- Admin access to Keycloak realm
License
This project is licensed under the MIT License - see the LICENSE file for details.
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
Support
For issues, questions, or contributions, please visit the GitHub repository.
[](https://archestra.ai/mcp-catalog/idoyudha__mcp-keycloak)Keycloak MCP Server
A Model Context Protocol (MCP) server that provides a natural language interface for managing Keycloak identity and access management through its REST API. This server enables AI agents to perform user management, client configuration, realm administration, and role-based access control operations seamlessly.
Overview
The Keycloak MCP Server bridges the gap between AI applications and Keycloak's powerful identity management capabilities. Whether you're building an AI assistant that needs to manage users, configure clients, or handle complex authorization scenarios, this server provides the tools you need through simple, natural language commands.
Features
🔐 Comprehensive User Management
Manage users lifecycle from creation to deletion, including password resets, session management, and user attribute updates.
🏢 Client Configuration
Create and configure OAuth2/OIDC clients, manage client secrets, and handle service accounts programmatically.
👥 Role-Based Access Control
Define and assign realm and client-specific roles, manage user permissions, and implement fine-grained access control.
🏛️ Realm Administration
Configure realm settings, manage default groups, handle event configurations, and control realm-wide policies.
🔄 Group Management
Organize users into groups, manage group hierarchies, and handle group-based permissions efficiently.
Installation
Installing via Smithery
To install mcp-keycloak for Claude Desktop automatically via Smithery:
npx -y @smithery/cli install mcp-keycloak --client claude
Quick Start
Install using pip:
pip install mcp-keycloak
Development Installation
Clone the repository and install dependencies:
git clone https://github.com/idoyudha/mcp-keycloak.git
cd mcp-keycloak
pip install -e .
Configuration
The server can be configured using environment variables or a .env file:
# Required configuration
SERVER_URL=https://your-keycloak-server.com
USERNAME=admin-username
PASSWORD=admin-password
REALM_NAME=your-realm
# Optional OAuth2 client configuration
CLIENT_ID=optional-client-id
CLIENT_SECRET=optional-client-secret
Tools
The Keycloak MCP Server provides a comprehensive set of tools organized by functionality:
User Management
Complete user lifecycle management including:
list_users- List users with pagination and filteringcreate_user/update_user/delete_user- Full CRUD operationsreset_user_password- Password managementget_user_sessions/logout_user- Session controlcount_users- User statistics
Client Management
OAuth2/OIDC client configuration:
list_clients/get_client/create_client- Client operationsget_client_secret/regenerate_client_secret- Secret managementget_client_service_account- Service account accessupdate_client/delete_client- Client modifications
Role Management
Fine-grained permission control:
list_realm_roles/create_realm_role- Realm role operationslist_client_roles/create_client_role- Client-specific rolesassign_realm_role_to_user/remove_realm_role_from_user- Role assignmentsget_user_realm_roles/assign_client_role_to_user- User role queries
Group Management
Hierarchical user organization:
list_groups/create_group/update_group- Group operationsget_group_members/add_user_to_group- Membership managementget_user_groups/remove_user_from_group- User group associations
Realm Administration
System-wide configuration:
get_accessible_realms- List of accessible realmsget_realm_info/update_realm_settings- Realm configurationget_realm_events_config/update_realm_events_config- Event managementadd_realm_default_group/remove_realm_default_group- Default settings
Usage
Running the Server
Start the MCP server directly:
python -m src.main
Integration Examples
Prerequisites
Before integrating the Keycloak MCP Server, ensure you have one of the following installed:
- uvx (recommended): Install via
pip install uvxorpipx install uvx - uv: Follow installation instructions
- npm/npx: For Smithery installation (comes with Node.js)
Option 1: Using Smithery CLI (Recommended)
The easiest way - automatically configures everything for Claude Desktop:
npx @smithery/cli install @idoyudha/mcp-keycloak --client claude
This command will prompt you for the required configuration values and set up the server automatically.
Option 2: Using uvx (Manual Setup)
No cloning required! Add to your claude_desktop_config.json:
{
"mcpServers": {
"keycloak": {
"command": "uvx",
"args": ["mcp-keycloak"],
"env": {
"SERVER_URL": "https://your-keycloak.com",
"USERNAME": "admin",
"PASSWORD": "admin-password",
"REALM_NAME": "your-realm"
}
}
}
}
Option 3: Local Development Setup
For development or customization:
- Clone the repository:
git clone https://github.com/idoyudha/mcp-keycloak.git
cd mcp-keycloak
- Add to your
claude_desktop_config.json:
{
"mcpServers": {
"keycloak": {
"command": "uv",
"args": [
"--directory",
"/path/to/mcp-keycloak",
"run",
"python",
"-m",
"src"
],
"env": {
"SERVER_URL": "https://your-keycloak.com",
"USERNAME": "admin",
"PASSWORD": "admin-password",
"REALM_NAME": "your-realm"
}
}
}
}
💡 Quick Tips:
- Replace
/path/to/mcp-keycloakwith the actual path where you cloned the repository - Ensure your Keycloak server URL includes the protocol (
https://orhttp://) - The
REALM_NAMEshould match an existing realm in your Keycloak instance
Example Use Cases
🤖 AI-Powered Identity Management
Build AI assistants that can handle user onboarding, permission management, and access control through natural language commands.
🔄 Automated User Provisioning
Create workflows that automatically provision users, assign roles, and configure client applications based on business rules.
📊 Identity Analytics
Query and analyze user data, session information, and access patterns to gain insights into your identity infrastructure.
🚀 DevOps Integration
Integrate Keycloak management into your CI/CD pipelines, allowing automated configuration of identity services.
Requirements
- Python 3.8 or higher
- Keycloak server (tested with Keycloak 18+)
- Admin access to Keycloak realm
License
This project is licensed under the MIT License - see the LICENSE file for details.
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
Support
For issues, questions, or contributions, please visit the GitHub repository.