Keycloak

The Keycloak MCP Server is designed for agentic applications to manage and search data in Keycloak efficiently.

Stars: 3
Forks: 3
Releases: 9

Overview

Keycloak MCP Server is a Model Context Protocol server that exposes Keycloak's REST API through a natural language interface, enabling AI-driven management of identity and access. It connects AI applications to Keycloak to perform user lifecycle operations, client configuration, realm administration, and role-based access control via simple text commands. The server supports complete user management (creation, updates, deletion, password resets, session control, and attribute management), OAuth2/OIDC client configuration (creation, retrieval, secret management, and service accounts), and granular RBAC across realms and clients, including role assignments and user-specific role queries. It also provides realm administration features such as realm settings, default groups, and event configurations, group management with hierarchical organization and membership operations, and authentication management covering flows, executions, and authenticators. The server can run in stdio mode or HTTP transport mode following the MCP streamable HTTP spec. It is configurable via environment variables (SERVER_URL, USERNAME, PASSWORD, REALM_NAME) and optional client credentials, and supports installation via Smithery or pip. The README outlines security considerations and deployment guidance for local development and production environments.

Details

Owner: idoyudha
Language: Python
License: MIT License
Updated: 2025-12-07

Features

Comprehensive User Management

Lifecycle management from creation to deletion, including password resets, session management, and user attribute updates.

Client Configuration

Create and configure OAuth2/OIDC clients, manage client secrets, and handle service accounts.

Role-Based Access Control

Define and assign realm and client roles, manage user permissions, and implement fine-grained access control.

Realm Administration

Configure realm settings, manage default groups, event configurations, and realm-wide policies.

Authentication Management

Manage authentication flows, executions, authenticators, and required actions.

Group Management

Organize users into groups, manage group hierarchies, and handle group membership and user-group associations.

HTTP Transport

Supports stdio and HTTP transports; HTTP uses MCP 2.0 JSON-RPC at /mcp/ with streaming support.

Security & Deployment Guidance

Origin header validation, localhost binding, local development authentication exemptions, and production deployment guidance (HTTPS, reverse proxies, firewall rules).

Audience

AI agents: Enable AI agents to manage Keycloak identity and access via natural language commands.

Tags

Keycloak, MCP, AI, Identity Management, Access Management, OAuth2, OIDC, RBAC, Realm Administration, Group Management, Authentication Management, HTTP Transport, Smithery, Claude Desktop