MCP

Manage Keycloak Programmatically

Model Context Protocol server providing programmatic access to Keycloak administration functions for user management, realm configuration, client

Works with keycloak, openshift, kubernetes, graalvm

Spark score: 90 out of 100
Updated 4 months ago
Version 1.0.0

Why it matters

Automate Keycloak administration tasks for AI assistants and development tools. Interact with Keycloak for user management, realm configuration, client administration, and authentication flow management.

Outcomes

What it gets done

01. Programmatic user management
02. Realm and client configuration
03. Authentication flow control
04. Integration with AI assistants

Install

Add it to your toolbox

Run in your project directory:

curl -fsSL https://spark.entire.vc/get/vb-keycloak-mcp-server | bash

Overview

Keycloak MCP Server

What it does

A Model Context Protocol server that provides programmatic access to Keycloak administration functions through over 40 tools covering user management, realm configuration, client administration, roles, groups, identity providers, and authentication flows.

How it connects

The server exposes Keycloak administration functions over the Model Context Protocol, using SSE transport and JWT-based authentication.

Source README

A Model Context Protocol server that provides programmatic access to Keycloak administration functions, enabling AI assistants and development tools to interact with Keycloak for user management, realm configuration, client administration, and authentication flow management.

Installation

Docker

docker run -d \
  --name keycloak-mcp-server \
  -p 8080:8080 \
  -e KC_URL=https://keycloak.example.com \
  -e KC_REALM=master \
  -e OIDC_CLIENT_ID=mcp-server \
  quay.io/sshaaf/keycloak-mcp-server:latest

Docker Pull

docker pull quay.io/sshaaf/keycloak-mcp-server:latest

JAR

mvn clean package
java -jar target/quarkus-app/quarkus-run.jar

Native Image

mvn clean package -Pnative
./target/keycloak-mcp-server-runner

Container Image

mvn clean package -Dquarkus.container-image.build=true

Configuration

Cursor MCP Configuration

{
  "mcpServers": {
    "keycloak": {
      "transport": "sse",
      "url": "https://mcp-server.example.com/mcp/sse",
      "headers": {
        "Authorization": "Bearer <your-jwt-token>"
      }
    }
  }
}

Features

  • Authentication via user JWT tokens
  • Complete set of Keycloak operations (users, realms, clients, roles, groups, etc.)
  • SSE transport for HTTP communication
  • Production-ready deployment on OpenShift/Kubernetes
  • Multi-architecture container images
  • GraalVM native image support

Environment Variables

Required

  • KC_URL - Keycloak server URL
  • KC_REALM - Keycloak realm for connection
  • OIDC_CLIENT_ID - OIDC client ID for authentication

Notes

Users must obtain their own JWT tokens from Keycloak, using the provided script, in order to authenticate. Complete documentation is available in the docs directory, including a getting started guide, an authentication guide, and OpenShift deployment instructions. The server is built on Quarkus for cloud deployment and supports over 40 tools covering users, realms, clients, roles, groups, IDPs, and authentication.
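The bearer token placed in the Cursor configuration carries the user's own Keycloak rights, so it is worth inspecting before it is stored there. The Python check below is an added example, not code from the project: it decodes the claims locally (no signature verification, which remains the server's job) and reports issuer, expiry and role problems. It assumes the issuer has the form KC_URL/realms/KC_REALM and that the token's azp claim equals OIDC_CLIENT_ID; the function names, the role list and the sample token are constructed for illustration.

```python
import base64, json, time

# Broad Keycloak admin roles (realm role "admin", admin client roles); a subset chosen for this example.
BROAD_ROLES = {"admin", "realm-admin", "manage-realm", "manage-users", "manage-clients"}

def decode_claims(token):
    """Return the JWT payload as a dict WITHOUT verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated parts)")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(padded))

def preflight(token, kc_url, kc_realm, client_id, now=None, min_ttl=60):
    """List reasons to think twice before storing this token in a client config."""
    now = time.time() if now is None else now
    c = decode_claims(token)
    findings = []
    expected_iss = f"{kc_url.rstrip('/')}/realms/{kc_realm}"  # assumed issuer format
    if c.get("iss") != expected_iss:
        findings.append(f"issuer {c.get('iss')!r} != {expected_iss!r}")
    if c.get("exp", 0) - now < min_ttl:
        findings.append("token expired or about to expire")
    if c.get("azp") != client_id:  # assumption: token was issued to OIDC_CLIENT_ID
        findings.append(f"azp {c.get('azp')!r} != {client_id!r}")
    roles = set(c.get("realm_access", {}).get("roles", []))
    for res in c.get("resource_access", {}).values():
        roles.update(res.get("roles", []))
    broad = sorted(roles & BROAD_ROLES)
    if broad:  # least privilege: flag tokens that can administer the whole realm
        findings.append("broad admin roles: " + ", ".join(broad))
    return findings

def make_sample(claims):
    """Build a constructed, unsigned sample token (the signature part is a dummy)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"

# Constructed sample claims matching the docker run values shown earlier on the page.
SAMPLE = make_sample({
    "iss": "https://keycloak.example.com/realms/master", "azp": "mcp-server",
    "exp": 1_700_000_300, "realm_access": {"roles": ["admin", "offline_access"]},
    "resource_access": {"master-realm": {"roles": ["view-users", "manage-users"]}},
})

if __name__ == "__main__":
    args = ("https://keycloak.example.com", "master", "mcp-server")
    for finding in preflight(SAMPLE, *args, now=1_700_000_000):
        print("WARN:", finding)
```

An empty result means the claims look consistent with the configured Keycloak instance; it does not mean the token is genuine, since the signature is not checked here.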
