Skip to content
/ keycloak-mcp-server Public

An MCP server for Keycloak, designed to work with Keycloak for identity and access management, covering, Users, Realms, Clients, Roles, Groups, IDPs, Authentication. Searching keycloak discourse, Native builds available.

shaaf.dev/keycloak-mcp-server/
17 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sshaaf/keycloak-mcp-server

BranchesTags

Repository files navigation

Project Logo

An MCP Server for Keycloak

Keycloak MCP Server

A Model Context Protocol (MCP) server that provides programmatic access to Keycloak administration functionality.

Overview

The Keycloak MCP Server enables AI assistants and development tools to interact with Keycloak through the Model Context Protocol. It supports comprehensive Keycloak operations including user management, realm configuration, client administration, and authentication flow management.

Key Features

  • User JWT Token Authentication
  • Comprehensive Keycloak Operations (users, realms, clients, roles, groups, etc.)
  • SSE Transport for HTTP-based communication
  • Production-ready OpenShift/Kubernetes deployment
  • Multi-architecture container images
  • GraalVM native image support

Quick Start

Using Docker

docker run -d \
  --name keycloak-mcp-server \
  -p 8080:8080 \
  -e KC_URL=https://keycloak.example.com \
  -e KC_REALM=master \
  -e OIDC_CLIENT_ID=mcp-server \
  quay.io/sshaaf/keycloak-mcp-server:latest

Authentication

Users authenticate with their own JWT tokens from Keycloak:

# Get your token
./scripts/get-mcp-token.sh \
  --keycloak-url https://keycloak.example.com \
  --username your-username \
  --password your-password

Configure in your MCP client (~/.cursor/mcp.json):

{
  "mcpServers": {
    "keycloak": {
      "transport": "sse",
      "url": "https://mcp-server.example.com/mcp/sse",
      "headers": {
        "Authorization": "Bearer <your-jwt-token>"
      }
    }
  }
}

Documentation

Complete documentation is available in the docs directory:

Building Documentation

This project uses MkDocs for documentation. To build and serve locally:

pip install mkdocs-material
mkdocs serve

Visit http://localhost:8000 to view the documentation.

Container Images

Pre-built images are available on Quay.io:

docker pull quay.io/sshaaf/keycloak-mcp-server:latest

Images are automatically built and pushed on commits to main and on releases.

Building

JAR

mvn clean package
java -jar target/quarkus-app/quarkus-run.jar

Native Image

mvn clean package -Pnative
./target/keycloak-mcp-server-runner

Container Image

mvn clean package -Dquarkus.container-image.build=true

Technology Stack

  • Quarkus - Cloud-native Java framework
  • Keycloak Admin Client - Official Keycloak Java client
  • MCP Protocol - Model Context Protocol for AI integration
  • Jib - Containerization without Docker daemon
  • GraalVM - Native image compilation support

License

MIT License - see LICENSE file for details.

Contributing

Contributions are welcome. See Contributors Guide for details.

Support

Maintainer: Shaaf Syed
Repository: https://github.com/sshaaf/keycloak-mcp-server
Container Registry: https://quay.io/repository/sshaaf/keycloak-mcp-server

About

An MCP server for Keycloak, designed to work with Keycloak for identity and access management, covering, Users, Realms, Clients, Roles, Groups, IDPs, Authentication. Searching keycloak discourse, Native builds available.

shaaf.dev/keycloak-mcp-server/

Topics

java keycloak quarkus mcp-server

Resources

Readme
Activity

Stars

17 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases 5

v0.2.0 Latest
Aug 20, 2025
+ 4 releases

Languages