Asgardeo
FeaturedOfficialby
An MCP server to interact with your Asgardeo organization through LLM tools, allowing for natural language-based configuration and management of applications and their authentication flows.
Asgardeo Overview
What is Asgardeo MCP Server?
The Asgardeo MCP Server enables users to manage their Asgardeo organization or WSO2 Identity Server deployment using LLM tools. It facilitates natural language interactions for various configuration tasks, streamlining the management of identity and access management configurations.
Asgardeo MCP Server's Core Features
- Application Management: List, create, and retrieve details for single-page, web, mobile, or M2M applications.
- Login Flow Configuration: Customize application login flows using natural language prompts to define authentication steps and integrate with the Asgardeo SDK.
How to use Asgardeo MCP Server?
- Create an M2M Application: Set up an M2M application within your Asgardeo organization.
- Authorize Management APIs: Grant necessary API scopes for application, API resource, and identity provider management.
- Obtain Credentials: Get the
Client IDandClient Secretfor the M2M application. - Configure the Server: Set up the
.envfile with your organization name, client ID, and client secret. - Run the Server: Start the MCP server using the provided command.
Asgardeo MCP Server's Use Cases
- Listing all applications within an organization.
- Creating a new single-page application and configuring its authentication flow.
- Fetching detailed information about a specific application by its name.
FAQ from Asgardeo MCP Server
- **Is this feature ready for production use?
No, this is an experimental feature and is not intended for use in production environments. Features, APIs, and functionality may change without prior notice.
Asgardeo's README
Asgardeo MCP Server
The Asgardeo MCP Server allows you to manage your Asgardeo organization or WSO2 Identity Server deployment seamlessly using LLM tools, enabling natural language interactions for various configuration tasks.
[!IMPORTANT] Experimental Feature Notice
This software includes experimental functionality and is not intended for use in production environments. Features, APIs, and functionality may change as the implementation evolves without prior notice.
Key Use Cases
With tools like Claude Desktop, you can:
- List Applications: Retrieve a list of all applications in your organization.
- Create Applications: Set up single-page, web, mobile or m2m applications and integrate it with the Asgardeo authentication SDK.
- Retrieve Application Details: Fetch detailed information about specific applications.
- Configure Login Flows: Customize the login flow of an application using natural language prompts and the available tools, enabling seamless user authentication experiences.
Demonstrations
-
Listing Applications in Claude
-
Fetching Application Details in Claude
How to Use
On Asgardeo / WSO2 Identity Server
- Create an M2M Application: Set up an M2M application in your organization.
- Authorize Management APIs: Grant the following scopes to the application:
| API | Scopes |
|---|---|
Application Management API (/api/server/v1/applications) |
internal_application_mgt_view, internal_application_mgt_update, internal_application_mgt_create |
API Resource Management API (/api/server/v1/api-resources) |
internal_api_resource_update, internal_api_resource_create, internal_api_resource_view |
Identity Provider Management API (/api/server/v1/identity-providers) |
internal_idp_view |
Authenticators Management API (/api/server/v1/authenticators) |
internal_authenticator_view |
Claim Management API (/api/server/v1/claim-dialects) |
internal_claim_meta_view |
SCIM2 Users API (/scim2/Users) |
internal_user_mgt_create |
OIDC Scope Management API (/api/server/v1/oidc/scopes) |
internal_oidc_scope_mgt_view |
- Copy Credentials: Save the client ID and client secret of the M2M application.
On Your Machine
- Clone the Repository:
git clone <repository-url>
- Install Dependencies:
go mod tidy
- Build the Executable:
go build -o asgardeo-mcp
- Configure Your MCP Client:
VS Code (GitHub Copilot)
- Install the GitHub Copilot extension.
- Open VS Code Settings (
File > Preferences > Settings). - Search for "MCP" and edit the
settings.jsonfile:"mcp": { "servers": { "asgardeo-mcp-server": { "type": "stdio", "command": "<absolute path to the asgardeo-mcp executable, e.g., /Users/<user directory>/<repository path>/asgardeo-mcp-server/asgardeo-mcp>", "args": [], "env": { "BASE_URL" : "https://api.asgardeo.io/t/<asgardeo organization>", "CLIENT_ID" : "<client ID>", "CLIENT_SECRET" : "<client secret>" } } } } - Save the file and start the MCP server from
settings.json.
Claude Desktop
- Open Claude Desktop and navigate to
Settings > Developer. - Edit the
claude_desktop_config.jsonfile:"asgardeo-mcp": { "command": "<absolute path to the asgardeo-mcp executable, e.g., /Users/<user directory>/<repository path>/asgardeo-mcp-server/asgardeo-mcp>", "args": [], "env": { "BASE_URL": "https://api.asgardeo.io/t/<asgardeo organization>", "CLIENT_ID": "<client ID>", "CLIENT_SECRET": "<client secret>" } } - Restart Claude Desktop.
Cursor
- Open Cursor and navigate to
Settings > MCP. - Edit the
mcp.jsonfile:"asgardeo-mcp": { "command": "<absolute path to the asgardeo-mcp executable, e.g., /Users/<user directory>/<repository path>/asgardeo-mcp-server/asgardeo-mcp>", "args": [], "env": { "BASE_URL": "https://api.asgardeo.io/t/<asgardeo organization>", "CLIENT_ID": "<client ID>", "CLIENT_SECRET": "<client secret>" } }
[!NOTE]
- If you are using the WSO2 Identity Server, you need to set an additional environment variable named
PRODUCT_MODEtowso2is.- Also, replace the
BASE_URLwith your WSO2 Identity Server base URL (e.g.,https://<your-wso2is-host>/t/<tenant-domain>).- Additionally, if you are using WSO2 Identity Server for local development or in internal networks, you may need to set the certificate authority (CA) for the server to avoid SSL errors. You can do this by setting the
CERT_PATHenvironment variable to the path of your CA certificate file.
Available Tools
The Asgardeo MCP Server provides the following tools for interacting with your organization:
Application Management
| Tool Name | Description | Parameters |
|---|---|---|
list_applications |
Lists all applications in your organization | None |
create_single_page_app |
Creates a new Single Page Application | application_name (required): Name of the applicationredirect_url (required): Redirect URL for the application |
create_webapp_with_ssr |
Creates a new web application with server-side rendering | application_name (required): Name of the applicationredirect_url (required): Redirect URL for the application |
create_mobile_app |
Creates a new Mobile Application | application_name (required): Name of the applicationredirect_url (required): Redirect URL for the application |
create_m2m_app |
Creates a new Machine-to-Machine Application | application_name (required): Name of the application |
get_application_by_name |
Gets details of an application by name | application_name (required): Name of the application to search for |
get_application_by_client_id |
Gets details of an application by client ID | client_id (required): Client ID of the application |
update_application_basic_info |
Updates basic information of an application | id (required): ID of the applicationname, description, image_url, access_url, logout_return_url (optional) |
update_application_oauth_config |
Updates OAuth/OIDC configurations of an application | id (required): ID of the applicationredirect_urls, allowed_origins, user_access_token_expiry_time, application_access_token_expiry_time, refresh_token_expiry_time, etc. (optional) |
update_application_claim_config |
Updates claim configurations of an application | id (required): ID of the applicationclaims (required): List of requested claim URIs (Claim URIs should be specified using the default WSO2 claim dialect. Eg: http://wso2.org/claims/username) |
authorize_api |
Authorizes an application to access an API | appId (required): ID of the applicationid (required): ID of the API resourcepolicyIdentifier (required, default: "RBAC"): Authorization policyscopes (required): Scopes to authorize |
list_authorized_api |
Lists authorized API resources of an application | app_id (required): ID of the application |
update_login_flow |
Updates login flow in an application based on a natural language prompt | app_id (required): ID of the applicationuser_prompt (required): Natural language description of the desired login flow |
API Resource Management
| Tool Name | Description | Parameters |
|---|---|---|
list_api_resources |
Lists API resources in your organization | filter (optional): Filter expressionlimit (optional): Maximum results to return |
search_api_resources_by_name |
Searches for API resources by name | name (required): Name of the API resource to search for |
get_api_resource_by_identifier |
Gets an API resource by its identifier | identifier (required): Identifier of the API resource |
create_api_resource |
Creates a new API resource | identifier (required): Identifier for the API resourcename (required): Name of the API resourcerequiresAuthorization (required): Whether the API requires authorizationscopes (required): List of scopes for the API |
User Management
| Tool Name | Description | Parameters |
|---|---|---|
create_user |
Creates a user in your organization | username (required): Usernamepassword (required): Passwordemail (required): Email addressfirst_name (required): User's first namelast_name (required): User's last nameuserstore_domain (optional, default: "DEFAULT"): Userstore domain |
Claim Management
| Tool Name | Description | Parameters |
|---|---|---|
list_claims |
Lists claims in your organization | None |
[!NOTE] If you are using the WSO2 Identity Server and planning to use
update_login_flowtool, make sure to follow the steps in Subscribe to AI features.
Example Prompts
Application Management
-
Create a SPA:
Create a new Single Page Application named "My Demo App" with redirect URL "https://example.com/callback". -
Update Application:
Update my application with ID "abc123" to have a new name "Updated App". -
Update Application Login Flow:
Update the login flow of my application with ID "abc123" to Username and Password as the first step and Email OTP as the second step. -
Update Application Claim Configuration:
Update the claim configuration of my application with ID "abc123" to include "username", and "last_name".
API Resource Management
- Create and Authorize API:
Create a new API resource named "Customer API" and authorize my application to access it with "read:customers" scopes.
User Management
- Create a User:
Create a test user with the username and email address 'test@example.com'.
Claim Management
- Get Claim list:
List all claims in my Asgardeo organization.
Troubleshooting
Authentication & Permissions
- Invalid Credentials: Verify your client ID, client secret, and organization name in the base URL
- 403 Forbidden: Check if your M2M application has all required scopes authorized
Setup & Connection
- Build Issues: Ensure Go 1.18+ is installed, run
go mod tidybefore building - MCP Connection: Verify executable path is absolute and correct, check permissions (
chmod +x asgardeo-mcp)
Getting Help
If issues persist after troubleshooting:
- Check GitHub issues
- Create a new detailed issue including error messages and environment info
- Join the WSO2 community forums for support
Contributing
Contributions are welcome! Submit issues or pull requests via the GitHub repository.
Asgardeo Reviews
Login Required
Please log in to share your review and rating for this MCP.
Actions
Asgardeo's Information
- Author
- asgardeo
- Category
- Identity & Security
- Language
- Go
- License
- Apache License 2.0
- Stars
- 3
- Updated
- 3 months ago
Related MCP Servers
Discover more MCP servers with similar functionality and use cases
SafeLine
by chaitin
Provides a self‑hosted web application firewall and reverse‑proxy that filters, monitors, and blocks malicious HTTP/S traffic, protecting web applications from attacks such as SQL injection, XSS, brute‑force, bot abuse, and various code injections.
Burp MCP Server
by PortSwigger
Integrates Burp Suite with AI clients via the Model Context Protocol, providing a built‑in SSE server and a packaged Stdio proxy for seamless AI‑driven interaction with Burp.
Cycode Cli
by cycodehq
Boost security in the development lifecycle via static application security testing, software composition analysis, secrets detection, and infrastructure‑as‑code scanning.
Auth0
Officialby auth0
Auth0 MCP Server enables AI agents to manage Auth0 tenants using natural language, streamlining tasks like application and user management.
Keycloak MCP
by ChristophEnglisch
keycloak-model-context-protocol is an MCP server implementation for Keycloak user management, enabling AI-powered administration of Keycloak users and realms through the Model Context Protocol (MCP).
OpenCTI
by Spathodea-Network
OpenCTI MCP Server is a Model Context Protocol (MCP) server that provides seamless integration with the OpenCTI (Open Cyber Threat Intelligence) platform, enabling querying and retrieving threat intelligence data through a standardized interface.
Malware Bazaar MCP
by mytechnotalent
Provides real-time threat intelligence and detailed malware sample metadata from Malware Bazaar through an AI‑driven MCP server, enabling authorized cybersecurity research workflows.
Okta
by kapilduraphe
This project provides an Okta MCP (Multi-Cloud Platform) server that enables Claude to interact with Okta's user management system, offering comprehensive user and group management capabilities along with onboarding automation.
Descope
by descope-sample-apps
descope-mcp-server-stdio is a Model Context Protocol (MCP) server that integrates Descope's Management APIs with applications like Claude Desktop. It enables users to manage user data and audit logs directly from their desktop environment.