keycloak¶
gaby-keycloak-connector¶
First-party MCP server for Keycloak — read-only. Exposes four tools to Gaby:
| Tool | Scope | Description |
|---|---|---|
get_user |
read | Lookup by email (exact match) or UUID |
list_user_sessions |
read | Active sessions for a given user id |
get_realm_info |
read | Basic realm settings |
healthcheck |
read | Admin-API reachability check |
Authentication uses the OIDC client_credentials grant against the master realm. Tokens are cached in-process until ~1 min before expiry.
Configure¶
export KEYCLOAK_URL=https://auth.example.com
export KEYCLOAK_CLIENT_ID=gaby-admin
export KEYCLOAK_CLIENT_SECRET=...
export KEYCLOAK_REALM=master # optional; default is master
python connectors/keycloak/server.py
The gaby-admin client must be a confidential client with a service account that has the view-users and view-realm roles in the target realm.
Manifest version¶
1.0.0