mas-mcp-server
by JanWillemSteur65
Overview
An independent MCP Server designed for multi-tenant IBM Maximo Application Suite (Manage), providing an MCP endpoint, admin UI, user/role management, Maximo discovery, message logging, and concept definition.
Installation
cd api && python -m venv .venv && source .venv/bin/activate && pip install -r requirements.txt && export MAS_MCP_DATABASE_URL=postgresql+psycopg2://masmcp:masmcp@localhost:5432/masmcp && export MAS_MCP_JWT_SECRET=CHANGE_ME && uvicorn app.main:app --reload --host 0.0.0.0 --port 8000
Environment Variables
- MAS_MCP_ENV
- MAS_MCP_API_BASE_PATH
- MAS_MCP_CORS_ALLOW_ORIGINS
- MAS_MCP_DATABASE_URL
- MAS_MCP_JWT_SECRET
- MAS_MCP_JWT_ISSUER
- MAS_MCP_JWT_AUDIENCE
- MAS_MCP_JWT_EXP_MINUTES
- MAS_MCP_MAXIMO_REQUEST_TIMEOUT_SECONDS
- MAS_MCP_OTEL_SERVICE_NAME
- MAS_MCP_OTEL_EXPORTER_OTLP_ENDPOINT
- MAS_MCP_BOOTSTRAP_ADMIN_EMAIL
- MAS_MCP_BOOTSTRAP_ADMIN_PASSWORD
- POSTGRES_USER
- POSTGRES_PASSWORD
- POSTGRES_DB
- VITE_API_BASE
Security Notes
The OpenShift deployment manifests (03-config-and-secrets.yaml) hardcode critical secrets like MAS_MCP_JWT_SECRET ('CHANGE_ME') and PostgreSQL credentials (user: masmcp, password: masmcp). If these manifests are applied directly without modification, the deployed system will have publicly known, weak credentials, posing a severe security risk in production. Default admin bootstrap credentials (admin@example.com/admin) are also present. CORS is set to '*' by default, requiring explicit lockdown for production. Tenant credentials for Maximo (`api_key_enc`, `username_enc`, `password_enc`) are stored with an `_enc` suffix, implying encryption, but the encryption/decryption implementation is not provided in the source, making it a blind spot for audit.
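A preflight check for the defaults named in the Security Notes above, added here as an example and not part of mas-mcp-server. The `find_weak_settings` helper, the 32-character minimum, the comma-separated origin format and treating an unset CORS variable as '*' are assumptions.

```python
"""Preflight check for the weak defaults listed in the Security Notes (added example)."""
import os
import sys
from urllib.parse import urlsplit

# Default values quoted on this page; anything matching them is publicly known.
KNOWN_DEFAULTS = {
    "MAS_MCP_JWT_SECRET": "CHANGE_ME",
    "POSTGRES_PASSWORD": "masmcp",
    "MAS_MCP_BOOTSTRAP_ADMIN_PASSWORD": "admin",
}
MIN_SECRET_LEN = 32  # assumption: local policy threshold, not a project setting


def find_weak_settings(env):
    """Return a list of findings for a mapping of environment variables."""
    findings = []
    for name, default in KNOWN_DEFAULTS.items():
        if env.get(name) == default:
            findings.append(f"{name} is set to the published default")
    # An unset or short signing secret is flagged separately from the default.
    secret = env.get("MAS_MCP_JWT_SECRET", "")
    if secret != "CHANGE_ME" and len(secret) < MIN_SECRET_LEN:
        findings.append(f"MAS_MCP_JWT_SECRET is shorter than {MIN_SECRET_LEN} characters")
    # The database URL embeds credentials, so parse them instead of string matching.
    db = urlsplit(env.get("MAS_MCP_DATABASE_URL", ""))
    if db.password == "masmcp":
        findings.append("MAS_MCP_DATABASE_URL uses the published default password")
    # Assumption: comma-separated origins; unset is treated as the '*' default.
    raw = env.get("MAS_MCP_CORS_ALLOW_ORIGINS", "*")
    if "*" in [origin.strip() for origin in raw.split(",")]:
        findings.append("MAS_MCP_CORS_ALLOW_ORIGINS allows any origin")
    return findings


if __name__ == "__main__":
    # Exit non-zero so a container entrypoint or CI step can block the start.
    problems = find_weak_settings(os.environ)
    for problem in problems:
        print(f"WEAK: {problem}", file=sys.stderr)
    sys.exit(1 if problems else 0)
```

Run it before `uvicorn` in the container entrypoint or as a CI step against the rendered manifest values, so a deployment that still carries the published defaults fails to start.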
Similar Servers
SageMCP
A scalable platform for hosting MCP servers with multi-tenant support, OAuth integration, and connector plugins for various services, deployed on Kubernetes.
mcp-servicenow-nodejs
Automate ServiceNow operations, development, and administration through an AI-powered interface, offering multi-instance support, dynamic schema discovery, natural language querying, and local script synchronization.
mcp-compose
This server provides a robust example of OAuth2 authentication for MCP (Model Context Protocol) servers, using GitHub as the identity provider. It demonstrates secure multi-server management, protocol translation, and integration with AI agents for tool invocation.
fluidmcp
Orchestrates Model Context Protocol (MCP) servers and LLM inference engines (like vLLM) via a unified FastAPI gateway, enabling dynamic management, tool invocation, and multi-model LLM serving.