OpenAM MCP server by maximthomas · Pull Request #935 · OpenIdentityPlatform/OpenAM

maximthomas · 2025-11-12T06:55:08Z

OpenAM MCP Server is a lightweight management service for OpenAM user accounts. It allows administrators to create, update, delete, and reset passwords for users, as well as retrieve authentication modules and chains configurations.

Copilot

Pull request overview

Adds a new openam-mcp-server Spring Boot module to the OpenAM reactor, providing an MCP (Model Context Protocol) management server that can manage users/realms and read auth module/chain configuration from OpenAM (with optional OAuth2-based authentication), plus initial unit tests and test fixtures.

Changes:

Adds a JDK17-activated Maven reactor profile to include the new openam-mcp-server module.
Implements MCP tools/services for users, realms, and authentication configuration, plus request authentication via a Spring MVC interceptor.
Adds basic Spring Boot + service-level tests and JSON fixtures for OpenAM REST responses.

Reviewed changes

Copilot reviewed 39 out of 39 changed files in this pull request and generated 27 comments.

Show a summary per file

File	Description
pom.xml	Adds a JDK17-activated profile to include `openam-mcp-server` in the reactor build.
openam-mcp-server/pom.xml	New Maven module with Spring Boot + Spring AI MCP server dependencies and build config.
openam-mcp-server/README.md	Module documentation, setup instructions, and tool list/examples.
openam-mcp-server/src/main/resources/application.yml	Default configuration for the MCP server and OpenAM connection/auth settings.
openam-mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/OpenAmMcpServerApplication.java	Spring Boot app entrypoint; RestClient + tool registration beans.
openam-mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/config/OpenAMConfig.java	`@ConfigurationProperties` record for OpenAM connection/auth settings.
openam-mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/config/WebConfig.java	Registers the authentication interceptor for `/mcp/**`.
openam-mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/controller/OAuth2Controller.java	Proxies OpenAM OAuth2 `.well-known` endpoints through this server.
openam-mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/security/AuthInterceptor.java	Auth flow (username/password or OAuth2), token caching, and request token propagation.
openam-mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/service/OpenAMAbstractService.java	Base service logic for retrieving the request token and default realm.
openam-mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/service/UserService.java	MCP tools for listing users, setting attributes/passwords, creating and deleting users.
openam-mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/service/RealmService.java	MCP tool for listing realms.
openam-mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/service/AuthenticationConfigService.java	MCP tools for listing auth modules, chains, and available module types; schema/settings mapping.
openam-mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/model/SearchResponseDTO.java	DTO for OpenAM list/search responses.
openam-mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/model/UserDTO.java	DTO for OpenAM user JSON.
openam-mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/model/User.java	Public user model returned by MCP tools.
openam-mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/model/RealmDTO.java	DTO for OpenAM realm JSON.
openam-mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/model/Realm.java	Public realm model returned by MCP tools.
openam-mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/model/PropertySchemaDTO.java	DTO for module schema property metadata.
openam-mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/model/CoreAuthModuleDTO.java	DTO for “all available auth module types” response.
openam-mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/model/CoreAuthModule.java	Public model for available auth module types.
openam-mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/model/AuthModuleSchemaDTO.java	DTO for module schema response.
openam-mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/model/AuthModuleDTO.java	DTO for realm auth module instances.
openam-mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/model/AuthModule.java	Public auth module model with settings map.
openam-mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/model/AuthChainDTO.java	DTO for auth chain response.
openam-mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/model/AuthChain.java	Public auth chain model with resolved module names.
openam-mcp-server/src/test/java/org/openidentityplatform/openam/mcp/server/OpenAmMcpServerApplicationTests.java	Spring context smoke test.
openam-mcp-server/src/test/java/org/openidentityplatform/openam/mcp/server/service/OpenAMServiceTest.java	Shared RestClient/RequestContextHolder mocking setup for service tests.
openam-mcp-server/src/test/java/org/openidentityplatform/openam/mcp/server/service/UserServiceTest.java	Unit tests for user-related tool methods.
openam-mcp-server/src/test/java/org/openidentityplatform/openam/mcp/server/service/RealmServiceTest.java	Unit test for realm listing.
openam-mcp-server/src/test/java/org/openidentityplatform/openam/mcp/server/service/AuthenticationConfigServiceTest.java	Unit tests for auth chain/module listing.
openam-mcp-server/src/test/resources/users/users-list-response.json	Test fixture for OpenAM user list response.
openam-mcp-server/src/test/resources/users/user-response.json	Test fixture for OpenAM user response.
openam-mcp-server/src/test/resources/realms/realms-response.json	Test fixture for OpenAM realm list response.
openam-mcp-server/src/test/resources/auth/modules-response.json	Test fixture for realm auth module instances response.
openam-mcp-server/src/test/resources/auth/module-settings-response.json	Test fixture for module settings response.
openam-mcp-server/src/test/resources/auth/module-schema-response.json	Test fixture for module schema response.
openam-mcp-server/src/test/resources/auth/chains-response.json	Test fixture for realm auth chains response.
openam-mcp-server/src/test/resources/auth/all-modules-response.json	Test fixture for “all available auth module types” response.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

openam-mcp-server/README.md

...erver/src/main/java/org/openidentityplatform/openam/mcp/server/security/AuthInterceptor.java

...ain/java/org/openidentityplatform/openam/mcp/server/service/AuthenticationConfigService.java

...erver/src/main/java/org/openidentityplatform/openam/mcp/server/security/AuthInterceptor.java

...erver/src/test/java/org/openidentityplatform/openam/mcp/server/service/RealmServiceTest.java

...mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/service/UserService.java

openam-mcp-server/src/main/resources/application.yml

...erver/src/main/java/org/openidentityplatform/openam/mcp/server/security/AuthInterceptor.java

...er/src/main/java/org/openidentityplatform/openam/mcp/server/controller/OAuth2Controller.java

openam-mcp-server/src/main/java/org/openidentityplatform/openam/mcp/server/model/Realm.java

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Copilot

Pull request overview

Copilot reviewed 40 out of 40 changed files in this pull request and generated 5 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

openam-mcp-server/pom.xml

...erver/src/main/java/org/openidentityplatform/openam/mcp/server/security/AuthInterceptor.java

...ain/java/org/openidentityplatform/openam/mcp/server/service/AuthenticationConfigService.java

...erver/src/main/java/org/openidentityplatform/openam/mcp/server/security/AuthInterceptor.java

...er/src/main/java/org/openidentityplatform/openam/mcp/server/controller/OAuth2Controller.java

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

maximthomas added 8 commits November 5, 2025 10:17

Add OpenAM MCP Server to the OpenAM Tools list

b037c11

OpenAM MCP Server: authentication configuration

04a7d19

OpenAM MCP Server: authentication configuration modules

deeee5c

OpenAM MCP Server: update Spring AI, add copyright

6c242f6

Merge remote-tracking branch 'origin/master' into openam-mcp-server

0bd6e47

Merge branch 'master' into openam-mcp-server

dd315fd

Update OpenAM parent version for MCP Server

efd2618

Update README.md

f99534a

maximthomas requested a review from vharseko November 12, 2025 06:55

Move OpenAM MCP server to root project

4ea608a

vharseko approved these changes Nov 12, 2025

View reviewed changes

OpenAM MCP Server: update Spring Boot and Spring AI

b6dd003

vharseko approved these changes Dec 24, 2025

View reviewed changes

vharseko added the AI label Mar 24, 2026

vharseko requested a review from Copilot March 26, 2026 11:05

Copilot started reviewing on behalf of vharseko March 26, 2026 11:06 View session

Copilot AI reviewed Mar 26, 2026

View reviewed changes

maximthomas and others added 13 commits March 27, 2026 12:30

Update openam-mcp-server/README.md

2771dd9

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Merge remote-tracking branch 'origin/master' into openam-mcp-server

4e9c188

Update parent version for openam-mcp-server

b12dcc8

Apply suggestions from code review

47fee25

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Apply suggestions from code review

9e6920a

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

fix compilation error

c1ab9e1

change default password for the admin user

0a83382

OpenAM MCP Server: update Spring Boot and Spring AI

8cb18ad

Add AuthInterceptorTest

499b1c1

fix failing tests

2113f19

add create user tests

4f3107c

Extend IGNORE_HEADERS list for OAuth2Controller

c966d81

Prevent preHandleOAuth recursion for AuthInterceptor

133509c

Encode path parameters for UserService

96c5160

vharseko requested a review from Copilot March 30, 2026 17:25

Copilot started reviewing on behalf of vharseko March 30, 2026 19:38 View session

Copilot AI reviewed Mar 30, 2026

View reviewed changes

maximthomas and others added 3 commits March 31, 2026 10:45

Apply suggestions from code review

fb5c92f

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

getAvailableModuleListTest

9be7128

Encode path parameters for AuthenticationConfigService

9ec20d5

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

OpenAM MCP server#935

OpenAM MCP server#935
maximthomas wants to merge 27 commits intoOpenIdentityPlatform:masterfrom
maximthomas:openam-mcp-server

maximthomas commented Nov 12, 2025

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Uh oh!

Conversation

maximthomas commented Nov 12, 2025

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants