keycloak-mcp
Verified Safeby HaithamOumerzoug
Overview
Manages Keycloak users, realms, clients, roles, and groups through a standardized Model Context Protocol (MCP) interface for AI agents.
Installation
npx -y keycloak-mcp --keycloak-url <Keycloak Instance URL> --keycloak-admin <Admin Username> --keycloak-admin-password <Admin Password>Environment Variables
- KEYCLOAK_URL
- KEYCLOAK_ADMIN
- KEYCLOAK_ADMIN_PASSWORD
Security Notes
The server uses the official Keycloak Admin Client and implements robust input validation using Zod schemas for all tool arguments. Admin credentials (URL, username, password) are loaded from environment variables or command-line arguments and are validated to ensure they are not empty. There are no direct 'eval' calls or obvious malicious patterns in the provided source. The primary security consideration is the sensitive nature of the Keycloak admin credentials, which grant full administrative access to Keycloak. Proper handling of these credentials in the deployment environment (e.g., using secure secrets management) is critical to prevent unauthorized access to the Keycloak instance.
Similar Servers
cli
The Smithery CLI installs, manages, develops, and runs Model Context Protocol (MCP) servers, acting as a client-agnostic tool for AI client integration.
boilerplate-mcp-server
Provides a TypeScript boilerplate for developing custom Model Context Protocol (MCP) servers, with an IP geolocation tool as an example.
mcp-server-playground
A Model Context Protocol (MCP) server that acts as an OAuth proxy for 3rd party authorization servers like Auth0, provides stateful session management, and exposes various tools for system time, streaming, project keyword searching, and AWS services (S3, ECS, CloudWatch Logs, Bedrock).
photon
A framework for building simple, auditable, single-file TypeScript applications that function as Model Context Protocol (MCP) servers for AI assistants and/or command-line interface (CLI) tools, emphasizing security, ease of development, and rapid deployment.