Securing FastMCP Server-Client with Keycloak Using Ollama/LLaMA Stack in Python

MCP (Model Context Protocol) has become the standard translation layer between client applications and LLMs. However, authentication and authorization were missing from the initial specifications. A new specification has been introduced that provides authorization capabilities. Authorization is optional for the MCP implementation, but security is necessary for building an enterprise solution. This post will explore how to effectively secure a FastMCP server-client authentication using Ollama or using Ollama with the LLama Stack. By leveraging OpenID Connect (OIDC) with Keycloak, we will configure the FastMCP server to validate tokens from the client application.

MCP Authentication flow with Keycloak

We’ll walk through:

• Setting up a secured Keycloak realm and client
• Configuring the FastMCP server to validate access tokens
• Authenticating Python clients with Keycloak
• Running the Python FastMCP server and client

Prerequisites

• Python 3.10+
• Docker/Podman & Docker Compose
• Keycloak 25+
• https://github.com/astral-sh/uv
• Ollama installed (ollama serve)
• Keycloak Python…