
Keycloak
Connects to Keycloak identity management systems to manage users, realms, groups, and clients through a standardized interface.
Integrates with Keycloak identity management to enable user creation, role assignment, group management, and client listing across different realms.
What it does
- Create and delete users in Keycloak realms
- List all users within specific realms
- Browse available realms and clients
- Manage groups across different realms
- Query realm configurations and settings
About Keycloak
Keycloak is a community-built MCP server published by haithamoumerzoug that provides AI assistants with tools and capabilities via the Model Context Protocol. Integrate with Keycloak for user creation, role assignment, group, and client management across realms using Keycloak id It is categorized under auth security.
How to install
You can install Keycloak in your AI client of choice. Use the install panel on this page to get one-click setup for Cursor, Claude Desktop, VS Code, and other MCP-compatible clients. This server runs locally on your machine via the stdio transport.
License
Keycloak is released under the MIT license. This is a permissive open-source license, meaning you can freely use, modify, and distribute the software.
Keycloak MCP Server
A Model Context Protocol (MCP) server implementation for Keycloak, providing a standardized interface for managing Keycloak users and realms.
Description
This project implements an MCP server that integrates with Keycloak, allowing you to manage Keycloak users and realms through a standardized protocol. It uses the official Keycloak Admin Client to interact with Keycloak's API.
Feature Demo
https://github.com/user-attachments/assets/4b02a049-b8d6-4cc5-a7b4-564a0e758dd8
Available Tools
create-user
Creates a new user in a specified realm.
Inputs:
realm: The realm name
username: Username for the new user
email: Email address for the user
firstName: User's first name
lastName: User's last name
delete-user
Deletes a user from a specified realm.
Inputs:
realm: The realm name
userId: The ID of the user to delete
list-realms
Lists all available realms.
list-users
Lists all users in a specified realm.
Inputs:
realm: The realm name
list-clients
Lists all clients in a specified realm.
Inputs:
realm: The realm name
list-groups
Lists all groups in a specified realm.
Inputs:
realm: The realm name
list-client-roles
Lists all roles for a specific client in a realm.
Inputs:
realm: The realm name
clientUniqueId: The unique ID of the client
assign-client-role-to-user
Assigns a client role to a specific user.
Inputs:
realm: The realm name
userId: The ID of the user
clientUniqueId: The unique ID of the client
roleName: The name of the role to assign
add-user-to-group
Adds a user to a specific group.
Inputs:
realm: The realm name
userId: The ID of the user
groupId: The ID of the group
Prerequisites
- Node.js (Latest LTS version recommended)
- npm
- A running Keycloak instance
Installation
Installing via Smithery
To install keycloak-mcp for Claude Desktop automatically via Smithery:
$ npx -y @smithery/cli install @HaithamOumerzoug/keycloak-mcp --client claude
Installing via NPM
Configure environment:
- You can set configuration options using command-line arguments or environment variables:
  --keycloak-url <Keycloak Instance URL>
  --keycloak-admin <Admin Username>
  --keycloak-admin-password <Admin Password>
- These arguments override environment variables if both are set.
Start the server:
The server is available as an NPM package:
# Direct usage with npx
$ npx -y keycloak-mcp --keycloak-url <Keycloak Instance URL> --keycloak-admin <Admin Username> --keycloak-admin-password <Admin Password>
# Or global installation
$ npm install -g keycloak-mcp@latest
$ keycloak-mcp --keycloak-url <Keycloak Instance URL> --keycloak-admin <Admin Username> --keycloak-admin-password <Admin Password>
Configuration
Using NPM Package
Configure the server in your Cursor IDE, Cline or Claude Desktop MCP configuration file:
{
  "mcpServers": {
    "keycloak": {
      "command": "npx",
      "args": ["-y", "keycloak-mcp"],
      "env": {
        "KEYCLOAK_URL": "http://localhost:8080",
        "KEYCLOAK_ADMIN": "admin",
        "KEYCLOAK_ADMIN_PASSWORD": "admin"
      }
    }
  }
}
For Local Development
{
  "mcpServers": {
    "keycloak": {
      "command": "node",
      "args": ["path/to/dist/server.js"],
      "env": {
        "KEYCLOAK_URL": "http://localhost:8080",
        "KEYCLOAK_ADMIN": "admin",
        "KEYCLOAK_ADMIN_PASSWORD": "admin"
      }
    }
  }
}
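A check for the settings shown in the two configurations above, as an added example rather than code from the keycloak-mcp project: it flags the admin/admin credentials, an admin password passed as a command-line argument, and a plain-HTTP URL that points at a non-local host. The function names, rule names and sample configuration (including idp.example.com) are assumptions made for illustration.

```javascript
// Added example, not keycloak-mcp code. Rule names and SAMPLE_CONFIG are constructed.
const WEAK_PASSWORDS = new Set(["", "admin", "password", "changeme"]);
const LOCAL_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);

// Value of a CLI flag given as "--flag value" or "--flag=value".
function flagValue(args, flag) {
  for (let i = 0; i < args.length; i++) {
    if (args[i] === flag) return args[i + 1];
    if (args[i].startsWith(flag + "=")) return args[i].slice(flag.length + 1);
  }
  return undefined;
}

function auditKeycloakMcpConfig(config) {
  const findings = [];
  for (const [name, server] of Object.entries(config.mcpServers ?? {})) {
    const args = server.args ?? [];
    const env = server.env ?? {};
    const usesKeycloak =
      args.some((a) => /keycloak-mcp|^--keycloak-/.test(a)) || "KEYCLOAK_URL" in env;
    if (!usesKeycloak) continue;
    const report = (rule) => findings.push({ server: name, rule });
    // Command-line arguments override environment variables when both are set.
    const argPassword = flagValue(args, "--keycloak-admin-password");
    const password = argPassword ?? env.KEYCLOAK_ADMIN_PASSWORD ?? "";
    const url = flagValue(args, "--keycloak-url") ?? env.KEYCLOAK_URL ?? "";
    // Arguments are visible in process listings to other local users.
    if (argPassword !== undefined) report("password-in-args");
    if (WEAK_PASSWORDS.has(password)) report("weak-admin-password");
    try {
      const u = new URL(url);
      if (u.protocol === "http:" && !LOCAL_HOSTS.has(u.hostname)) report("plaintext-remote-url");
    } catch {
      report("invalid-url");
    }
  }
  return findings;
}

// Constructed sample: the configuration shown above plus a hypothetical remote entry.
const SAMPLE_CONFIG = {
  mcpServers: {
    keycloak: { command: "npx", args: ["-y", "keycloak-mcp"],
      env: { KEYCLOAK_URL: "http://localhost:8080", KEYCLOAK_ADMIN: "admin", KEYCLOAK_ADMIN_PASSWORD: "admin" } },
    "keycloak-remote": { command: "npx",
      args: ["-y", "keycloak-mcp", "--keycloak-url", "http://idp.example.com:8080",
             "--keycloak-admin", "mcp-admin", "--keycloak-admin-password", "S3parate-Long-Passphrase"] },
  },
};
console.log(auditKeycloakMcpConfig(SAMPLE_CONFIG));
```

Either form of the configuration keeps the admin password in plaintext on disk, so the MCP client's configuration file needs the same file permissions as any other credential store.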
Development
To set up the development environment:
- Clone the repository
- Install dependencies:
  npm install
- Set env vars:
  cp .env.template .env
  # Edit the .env file and set all variables with the appropriate values
- Start the project:
  npm run dev
Available Scripts
- npm run build - Builds the project and makes the CLI executable
- npm run prepare - Runs the build script (used during package installation)
- npm run dev - Watches for changes and rebuilds automatically
- npm start - Starts the server (for production)
Dependencies
Main Dependencies
- @keycloak/keycloak-admin-client - Official Keycloak Admin Client
- @modelcontextprotocol/sdk - MCP SDK for standardized protocol implementation
- zod - TypeScript-first schema validation
- chalk - Terminal string styling
- yargs - Parsing command-line arguments
Dev Dependencies
- typescript - For TypeScript support
- @types/node - TypeScript definitions for Node.js
- shx - Cross-platform shell commands
- ts-node - TypeScript execution and REPL for Node.js
- rimraf - A cross-platform tool to remove directories
- @types/yargs - TypeScript definitions for yargs
License
MIT