Public
McPkeyCloakspi
2025-04-01
EventProvider für KeyCloak, verwendet, um Benutzerinformationen an die Identitätsregistrierungs -API zu synchronisieren
4
Github Watches
5
Github Forks
8
Github Stars
Maritime Connectivity Platform implementation of Keycloak SPI
Keycloak has a series of Service Provider Interfaces (SPI) that allows for adding new functionality where needed. For Keycloak to work in as the MCP Identity Broker the SPI mentioned below has been implemented.
For setup please refer to the MIR deployment guidelines as well as the information below.
MCP Event Listener
This is an implementation of a Keycloak Event Listener, implementing the Event Listener SPI as described here.
This is used to keep the user database in the MCP Identity Registry API in sync with information fetched during login
using the MCP ID Broker. When a user logs in this EventListener will make a call to a REST webservice which includes the
user information passed from the users Identity Provider. The webservice call uses a certificate to authenticate itself
against the API. The Event Listener is setup by adding
mcp-identityregistry-keycloak-spi-latest-jar-with-dependencies.jar in the providers/ folder.
The Event Listener can be configured with the following environmental variables:
| Variable | Description |
|---|---|
| KC_SPI_EVENTS_LISTENER_MCP_EVENT_LISTENER_SERVER_ROOT | The root URL to the MIR API |
| KC_SPI_EVENTS_LISTENER_MCP_EVENT_LISTENER_KEYSTORE_PATH | Path to a keystore that is used to authenticate to the MIR API |
| KC_SPI_EVENTS_LISTENER_MCP_EVENT_LISTENER_KEYSTORE_PASSWORD | The password for the keystore that is used to authenticate to the MIR API |
| KC_SPI_EVENTS_LISTENER_MCP_EVENT_LISTENER_TRUSTSTORE_PATH | Path to a custom truststore. Should only be set if the MIR API is using a TLS certificate that cannot be verified against the built-in truststore |
| KC_SPI_EVENTS_LISTENER_MCP_EVENT_LISTENER_TRUSTSTORE_PASSWORD | Password to the custom truststore that is defined by the previous variable. Should only be set if the previous variable is set |
| KC_SPI_EVENTS_LISTENER_MCP_EVENT_LISTENER_IDP_NOT_TO_SYNC | Comma separated list of identity providers that should not be synchronized on login |
| KC_SPI_AUTHENTICATOR_CERTIFICATE_CLIENT_CERT_HEADER | The HTTP header that the client certificate is put into by the reverse proxy. The default value is "X-Client-Certificate" |
The keystore holds the certificate to authenticate the event listener, while the truststore holds the trusted certificate of the Identity Registry API. The truststore should only be needed in test setups where self-signed certificates are used.
After doing the setup as described above, go into the admin console in Keycloak and go to Events in the left side menu. Go to the Config tab, add mcp-event-listener to the Event Listeners and click Save.
Authenticator using X.509 certificates
The purpose of this SPI is to allow users to authenticate using X.509 certificates. This is meant as a "bridge" where a certificate can be converted into a OpenId Connect token.
The Authenticator is setup by adding the jar in the providers/ folder.
For configuration, an authentication flow should be setup with a single step where the type is Certificates and the
requirement is Required.
相关推荐
I find academic articles and books for research and literature reviews.
Confidential guide on numerology and astrology, based of GG33 Public information
Converts Figma frames into front-end code for various mobile frameworks.
Advanced software engineer GPT that excels through nailing the basics.
Take an adjectivised noun, and create images making it progressively more adjective!
Embark on a thrilling diplomatic quest across a galaxy on the brink of war. Navigate complex politics and alien cultures to forge peace and avert catastrophe in this immersive interstellar adventure.
Entdecken Sie die umfassendste und aktuellste Sammlung von MCP-Servern auf dem Markt. Dieses Repository dient als zentraler Hub und bietet einen umfangreichen Katalog von Open-Source- und Proprietary MCP-Servern mit Funktionen, Dokumentationslinks und Mitwirkenden.
Die All-in-One-Desktop & Docker-AI-Anwendung mit integriertem Lappen, AI-Agenten, No-Code-Agent Builder, MCP-Kompatibilität und vielem mehr.
Ein leistungsstarkes Neovim -Plugin für die Verwaltung von MCP -Servern (Modellkontextprotokoll)
MCP -Server für den Fetch -Webseiteninhalt mit dem Headless -Browser von Dramatikern.
Brücke zwischen Ollama und MCP -Servern und ermöglicht es lokalen LLMs, Modellkontextprotokoll -Tools zu verwenden
🧑🚀 全世界最好的 llm 资料总结(数据处理、模型训练、模型部署、 O1 模型、 MCP 、小语言模型、视觉语言模型) | Zusammenfassung der weltbesten LLM -Ressourcen.
Fair-Code-Workflow-Automatisierungsplattform mit nativen KI-Funktionen. Kombinieren Sie visuelles Gebäude mit benutzerdefiniertem Code, SelbstHost oder Cloud, 400+ Integrationen.
Reviews
3
(1)
user_qLZjrlZn
2025-04-18
MCPKeycloakSpi by maritimeconnectivity is an outstanding integration solution for Keycloak users in the maritime industry. It seamlessly enhances security and identity management. The documentation is comprehensive, making it easy to implement and deploy. Highly recommend for any maritime application needing robust authentication. Check it out at: https://github.com/maritimeconnectivity/MCPKeycloakSpi