another-keycloak-mcp
Verified Safe
by aelkz
Overview
This MCP server enables AI assistants to manage Keycloak Identity and Access Management operations safely and efficiently, offering comprehensive tools for user, group, realm, authentication, and client scope management.
Installation
npx -y another-keycloak-mcp
Environment Variables
- KEYCLOAK_URL
- KEYCLOAK_REALM
- KEYCLOAK_ADMIN_USERNAME
- KEYCLOAK_ADMIN_PASSWORD
- KEYCLOAK_CLIENT_ID
- KEYCLOAK_CLIENT_SECRET
- OPERATION_MODE
- READ_ONLY_MODE
- TRANSPORT
- HTTP_PORT
- HTTP_HOST
- LOG_LEVEL
Security Notes
The server has good safety features such as read-only and operation modes, but a critical risk is the hardcoded default `KEYCLOAK_CLIENT_SECRET` ('test12345') in `src/common/constants.ts`. If environment variables are not properly configured, this weak default could be used in `client_credentials` authentication, potentially exposing admin access. The HTTP transport is currently unimplemented; its future implementation would require careful security review. No `eval` or obvious malicious patterns were found.
Similar Servers
mcphub
An orchestration hub that aggregates, manages, and routes Model Context Protocol (MCP) servers and their tools, providing a centralized interface, user management, OAuth 2.0 authorization server capabilities, and AI-powered tool discovery and routing.
agent-identity-management
A production-ready identity verification and security platform for AI agents and Model Context Protocol (MCP) servers, providing cryptographic identity, access control, and real-time threat detection.
mcp-helm
Provides a Model Context Protocol (MCP) server for AI assistants to interact with Helm repositories and charts without requiring a local Helm installation.
keycloak-mcp
Manages Keycloak users, realms, clients, roles, and groups through a standardized Model Context Protocol (MCP) interface for AI agents.