MCP.so
登录

Keycloak MCP Server

@sshaaf

关于 Keycloak MCP Server

An MCP server for Keycloak, designed to work with Keycloak for identity and access management, covering, Users, Realms, Clients, Roles, Groups, IDPs, Authentication. Searching keycloak discourse, Native builds available.

基本信息

分类

其他

运行时

java

传输方式

stdio

发布者

sshaaf

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "keycloak-mcp-server": {
      "command": "docker",
      "args": [
        "run",
        "-d",
        "\\"
      ]
    }
  }
}

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is Keycloak MCP Server?

Keycloak MCP Server is a Model Context Protocol (MCP) server that provides programmatic access to Keycloak administration functionality. It enables AI assistants and development tools to interact with Keycloak through the MCP protocol.

How to use Keycloak MCP Server?

Run the server via Docker with environment variables for Keycloak URL, realm, and OIDC client ID. Users authenticate with their own JWT tokens obtained from Keycloak, then configure their MCP client (e.g., in ~/.cursor/mcp.json) with SSE transport and an Authorization header containing the token.

Key features of Keycloak MCP Server

  • User JWT token authentication
  • Comprehensive Keycloak operations (users, realms, clients, roles, groups)
  • SSE transport for HTTP-based communication
  • Production-ready OpenShift/Kubernetes deployment
  • Multi-architecture container images
  • GraalVM native image support

Use cases of Keycloak MCP Server

  • Automate user management through AI assistants
  • Configure realms and clients programmatically
  • Manage roles and groups via chat interfaces
  • Integrate Keycloak administration with dev tools

FAQ from Keycloak MCP Server

How do I authenticate with the server?

Users authenticate by obtaining a JWT token from their Keycloak instance (using the provided get-mcp-token.sh script) and passing it as a Bearer token in the Authorization header of SSE requests.

What runtime does Keycloak MCP Server require?

The server is built on Quarkus and can run as a JAR, native image, or container. Docker is the recommended deployment method, with pre-built images available on Quay.io.

How is data stored and where does it live?

Keycloak MCP Server does not store data itself—it communicates with an external Keycloak server whose URL is provided via the KC_URL environment variable. All user, realm, and client data resides in that Keycloak instance.

What transport and authentication mechanisms are supported?

The server uses SSE (Server-Sent Events) transport for MCP communication. Authentication is handled via user-specific JWT tokens issued by Keycloak.

Are there any known limitations or alternatives mentioned?

No limitations or alternative servers are discussed in the README. The server focuses on providing comprehensive Keycloak administration via MCP.

评论

其他 分类下的更多 MCP 服务器