A Model Context Protocol (MCP) server implementation for Keycloak, providing a standardized interface for managing Keycloak users and realms.
This project implements an MCP server that integrates with Keycloak, allowing you to manage Keycloak users and realms through a standardized protocol. It uses the official Keycloak Admin Client to interact with Keycloak's API.
keycloak-mcp-demo.mp4
Creates a new user in a specified realm.
Inputs:
realm: The realm nameusername: Username for the new useremail: Email address for the userfirstName: User's first namelastName: User's last name
Deletes a user from a specified realm.
Inputs:
realm: The realm nameuserId: The ID of the user to delete
Lists all available realms.
Lists all users in a specified realm.
Inputs:
realm: The realm name
Lists all clients in a specified realm.
Inputs:
realm: The realm name
Lists all groups in a specified realm.
Inputs:
realm: The realm name
Lists all roles for a specific client in a realm.
Inputs:
realm: The realm nameclientUniqueId: The unique ID of the client
Assigns a client role to a specific user.
Inputs:
realm: The realm nameuserId: The ID of the userclientUniqueId: The unique ID of the clientroleName: The name of the role to assign
Adds a user to a specific group.
Inputs:
realm: The realm nameuserId: The ID of the usergroupId: The ID of the group
- Node.js (Latest LTS version recommended)
- npm
- A running Keycloak instance
To install keycloak-mcp for Claude Desktop automatically via Smithery:
$ npx -y @smithery/cli install @HaithamOumerzoug/keycloak-mcp --client claude- You can set configuration options using command-line arguments or environment variables:
--keycloak-url <Keycloak Instance URL>--keycloak-admin <Admin Username>--keycloak-admin-password <Admin Password>
- These arguments override environment variables if both are set.
The server is available as an NPM package:
# Direct usage with npx
$ npx -y keycloak-mcp --keycloak-url <Keycloak Instance URL> --keycloak-admin <Admin Username> --keycloak-admin-password <Admin Password>
# Or global installation
$ npm install -g keycloak-mcp@latest
$ keycloak-mcp --keycloak-url <Keycloak Instance URL> --keycloak-admin <Admin Username> --keycloak-admin-password <Admin Password>Configure the server in your Cursor IDE, Cline or Claude Desktop MCP configuration file:
{
"mcpServers": {
"keycloak": {
"command": "npx",
"args": ["-y", "keycloak-mcp"],
"env": {
"KEYCLOAK_URL": "http://localhost:8080",
"KEYCLOAK_ADMIN": "admin",
"KEYCLOAK_ADMIN_PASSWORD": "admin"
}
}
}
}{
"mcpServers": {
"keycloak": {
"command": "node",
"args": ["path/to/dist/server.js"],
"env": {
"KEYCLOAK_URL": "http://localhost:8080",
"KEYCLOAK_ADMIN": "admin",
"KEYCLOAK_ADMIN_PASSWORD": "admin"
}
}
}
}To set up the development environment:
- Clone the repository
- Install dependencies:
npm install
- Set env vars
cp .env.template .env # Edit the .env file and set all variables with the appropriate values - Start the project:
npm run dev
npm run build- Builds the project and makes the CLI executablenpm run prepare- Runs the build script (used during package installation)npm run dev- Watches for changes and rebuilds automaticallynpm start- Starts the server (for production)
@keycloak/keycloak-admin-client- Official Keycloak Admin Client@modelcontextprotocol/sdk- MCP SDK for standardized protocol implementationzod- TypeScript-first schema validationchalk- Terminal string stylingyargs- Parsing command-line arguments
typescript- For TypeScript support@types/node- TypeScript definitions for Node.jsshx- Cross-platform shell commandsts-node- TypeScript execution and REPL for Node.jsrimraf- A cross-platform tool to remove directories@types/yargs- TypeScript definitions for yargs
MIT