MCP server for Keycloak Identity and Access Management
Project description
Keycloak MCP Server
MCP server for Keycloak Identity and Access Management instances. Auto-generates 401 tools from the Keycloak OpenAPI specification using FastMCP.from_openapi(). Includes CodeMode for efficient AI interaction with large tool sets, and supports dual authentication modes (OAuth2 HTTP transport for user sessions, client_credentials for stdio service accounts).
Configuration
Authentication: Keycloak supports two modes depending on transport:
- stdio (service account): Uses
client_credentialsorpasswordgrant to obtain tokens automatically - HTTP (user OAuth): Uses OIDC proxy to authenticate end-users via browser flow
Option 1: config.json
cp config.json.example config.json
# Edit config.json with your Keycloak credentials
Option 2: Environment Variables
export KEYCLOAK_HOST="keycloak.example.com"
export KEYCLOAK_REALM="master"
export KEYCLOAK_CLIENT_ID="admin-cli"
export KEYCLOAK_CLIENT_SECRET="your-client-secret"
# Or use password grant:
export KEYCLOAK_USERNAME="admin"
export KEYCLOAK_PASSWORD="admin-password"
export KEYCLOAK_VERIFY_SSL="true"
export KEYCLOAK_CA_CERT_PATH=""
export KEYCLOAK_TIMEOUT="30"
Authentication Modes
stdio Mode (Service Account)
For AI assistants connecting via stdio transport. The server acquires tokens automatically using either:
- Client credentials grant: Set
client_id+client_secret. Best for service-to-service. - Password grant: Set
username+password. Falls back toadmin-clias client_id.
Tokens are cached and refreshed automatically before expiry.
HTTP Mode (User OAuth Flow)
For web-based access where end-users authenticate via browser:
python -m bibliocommons_mcp_keycloak --transport http --port 8000
Uses OIDC proxy with your Keycloak realm's well-known configuration. Users authenticate through the standard Keycloak login page.
Installation
Option 1: Using uv (Recommended)
uv is a fast Python package manager. Install it first:
# macOS/Linux
curl -LsSf https://astral.sh/uv/install.sh | sh
# Windows
powershell -c "irm https://astral.sh/uv/install.ps1 | iex"
No additional installation needed - uvx will handle dependencies automatically.
Option 2: Using pip
pip install bibliocommons-mcp-keycloak
# or for development
pip install -e ".[dev]"
AI Client Setup
VS Code (with MCP Extension)
{
"mcp.servers": {
"keycloak": {
"command": "uvx",
"args": ["--from", "/absolute/path/to/keycloak", "bibliocommons-mcp-keycloak"]
}
}
}
Claude Desktop
Configuration file:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
{
"mcpServers": {
"keycloak": {
"command": "uvx",
"args": ["--from", "/absolute/path/to/keycloak", "bibliocommons-mcp-keycloak"]
}
}
}
Kiro IDE
{
"mcpServers": {
"keycloak": {
"command": "uvx",
"args": ["--from", "/absolute/path/to/keycloak", "bibliocommons-mcp-keycloak"]
}
}
}
Kiro CLI
Create or edit ~/.kiro/settings/mcp.json:
{
"mcpServers": {
"keycloak": {
"command": "uvx",
"args": ["--from", "/absolute/path/to/keycloak", "bibliocommons-mcp-keycloak"]
}
}
}
Configuration Notes
- Replace
/absolute/path/to/keycloak/with the actual path to your server directory - Add
--config /path/to/config.jsonto the args array to use a specific config file - Add
--read-onlyto the args array to disable destructive tools - After adding the configuration, restart your AI client for changes to take effect
For other AI clients (Amazon Q, GitHub Copilot, Cline, Zed, Cursor), see docs/ai-clients.md.
Docker
# Pull from Docker Hub (private)
docker pull bibliocommons/mcp-keycloak:latest
# Run in stdio mode
docker run -i --rm \
-v /path/to/config.json:/config.json:ro \
bibliocommons/mcp-keycloak:latest \
--config /config.json
# Run in HTTP mode
docker run -d --rm \
-v /path/to/config.json:/config.json:ro \
-p 8000:8000 \
bibliocommons/mcp-keycloak:latest \
--config /config.json --transport http --port 8000
# Run in expanded mode
docker run -i --rm \
-v /path/to/config.json:/config.json:ro \
bibliocommons/mcp-keycloak:latest \
--config /config.json --expanded
Standalone MCP Server
python -m bibliocommons_mcp_keycloak
CLI Flags
| Flag | Env Var | Description |
|---|---|---|
--config PATH |
KEYCLOAK_CONFIG |
Path to config.json |
--read-only |
KEYCLOAK_READ_ONLY |
Exclude destructive tools (POST, PUT, DELETE, PATCH) |
--expanded |
KEYCLOAK_EXPANDED |
Register all tools individually instead of gateway mode |
--transport stdio|http |
KEYCLOAK_TRANSPORT |
Transport mode (default: stdio) |
--port PORT |
KEYCLOAK_PORT |
HTTP port (default: 8000) |
--version |
— | Show version and exit |
Gateway Mode (Default)
By default, the server exposes 2 tools instead of 401 individual tools:
| Tool | Purpose |
|---|---|
keycloak_api |
Execute any Keycloak action by name with a params dict |
keycloak_help |
Search available actions, parameters, and descriptions |
The AI assistant calls keycloak_help to discover available actions, then calls keycloak_api(action="get_users", params={"realm": "master"}) to execute them.
To register all individual tools (previous behavior), use --expanded:
python -m bibliocommons_mcp_keycloak --expanded
Read-Only Mode
Disable all write operations (POST, PUT, DELETE, PATCH) for safe, audit-only operation:
# CLI flag
python -m bibliocommons_mcp_keycloak --read-only
# Environment variable
export KEYCLOAK_READ_ONLY=true
In read-only mode, only GET-based tools are exposed. All mutating operations are excluded.
OpenAPI Spec Caching
The server downloads the Keycloak OpenAPI spec on first run and caches it locally as openapi.json. To use a custom cache location:
export KEYCLOAK_SPEC_CACHE="/path/to/openapi.json"
To refresh the cache, delete the file and restart the server.
Security Notes
- Create a dedicated service account in Keycloak for MCP access with minimal required roles
- Never commit
config.jsonwith real credentials (excluded by.gitignore) - Use
config.json.exampleas a template - Prefer environment variables for production and CI environments
- Use
--read-onlymode when write access is not needed - Tokens are cached in memory only and never written to disk
- Set
verify_ssl=truein production; only disable for development with self-signed certificates
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file bibliocommons_mcp_keycloak-1.2.2.tar.gz.
File metadata
- Download URL: bibliocommons_mcp_keycloak-1.2.2.tar.gz
- Upload date:
- Size: 16.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0e2635f7e3fed2411b92fb7441254c1a1db28934af83760923e95f1db89f3ab6
|
|
| MD5 |
7b74f5ee17dc51855b0275b967fab907
|
|
| BLAKE2b-256 |
c281396409eb5273e92dbcf09a6063b6e2ded80d3a8dd27b6abce706b6c4131a
|
File details
Details for the file bibliocommons_mcp_keycloak-1.2.2-py3-none-any.whl.
File metadata
- Download URL: bibliocommons_mcp_keycloak-1.2.2-py3-none-any.whl
- Upload date:
- Size: 10.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5cf5b201609029f15c66c380407a0201f0281d9b99475c4a6365a63fad553563
|
|
| MD5 |
5ac1e80c2cecf54646ac1a92533af51c
|
|
| BLAKE2b-256 |
178c68c93687a17c71eb5664acf78e6beab194d377fd4cb7fc414e2ca8f83ae7
|
