MCP Server Listener
MCP Server Listener
The MCP Server Listener is a consumer component that enable ConnectPlaza user to expose ConnectPlaza Flows as MCP Tools.
MCP is the protocol that is used by MCP Clients, I.E. the AI Chat applications, in order to access datasources, applications and other forms of integration for use with the AI’s LLM. This protocol considers these integrations ‘Tools’ and these tools can be used by the AI to discover data and information which would otherwise be hidden from the AI’s reach.
In short the AI Chat application which speaks to the LLM can provide a Prompt for a user to ask questions. These questions may be pertinent to specific data in de user’s infrastructure which is not availble online. The user may use this MCP Server Listener to expose the ConnectPlaza Flow as a Tool, making it available for connection by the AI Client through the MCP protocol. The AI app can then request additional information from this Tool (which in fact is a ConnectPlaza flow) and send this additional data to the AI’s LLM for further processing.
For more information see this page about AI, MCP and ConnectPlaza’s focus on these area’s.
Communcation from the MCP Client will be done in a JSON-RPC format. This format may contain tool-parameters which are mapped into this format. The JSON-RPC message will be converted into a ConnectMessage with a String messagepart which can be accessed using JSON Path.
Every MCP Listener will be connected to the HTTP Host and Port and together with the Context path (which defaults to /). The Server will automatically add /sse to the context path. This will form an unique triplet and therefor internally one MCP Server. Listeners which are configured on other Host, Port or Context path will automatically open a new MCP Server. Each MCP Listener will expose exactly one Tool on its designated MCP Server with specified configuration. When all MCP Listeners that form a MCP Server are either undeployed or destroyed, and all Tools are deregistered, the MCP Server itself will automatically be removed.
Currently the MCP Server Listener supports only HTTP with SSE (Server-sent Events), it does not support STDIO as the MCP Client must access the Agent through HTTP(S). As with other HTTP based Listeners this Consumer also support TLS and supports either BASIC authentication or Oauth2 based authentication identical to the REST Listener. For more information see the REST Listener’s security documentation which applies here.
In the table below, you will find an explanation of these properties. All attributes with a ‘*’ are mandatory.
|
Attribute |
Description |
|
Name* |
By default, we fill this out with the technical ‘tag’, followed by a serial number. Changing the name is optional. |
|
Enabled |
Set this value to true, if you want this service to be enabled. |
|
Hostname |
Hostname used to create the endpoint |
|
Port |
Port number. The default is the Jetty port. |
|
Context Path |
Path on which to open webservice endpoint. A custom Context Path should always start with a forward slash (/). So for instance: "/CustomPath". |
|
Method |
Specify which HTTP Methods are allowed (GET/POST/HEAD/OPTIONS/PUT/PATCH/DELETE/TRACE). You may also use a comma separated list. Input can be done by clicking in the lower part of the box. A drop-down menu will appear and you can select, or type your selection: |
|
MessagePartName |
Name of the MessagePart in a ConnectMessage where the content of the file is being stored. |
|
Response Timeout |
Time in milliseconds to wait before time-out. |
|
Enable TLS |
Enables TLS Connector. When set to true, the keystore value and alias value should be set. Otherwise, the defaults will be used. |
|
Certificate alias in Keystore
|
This attribute is only visible when the attribute Enable TLS has value true. Set the certificate alias for the selected server certificate. Should exist in defined keystore. |
|
Key password
|
This attribute is only visible when advanced mode is enabled, and the attribute Enable TLS has value true. Password for the certificate key. If left empty the default key password will be used. |
|
Keystore location
|
This attribute is only visible when advanced mode is enabled, and the attribute Enable TLS has value true. The location of the keystore. Should be a path to the keystore JKS file. If left empty the default keystore will be used. |
|
Keystore password
|
This attribute is only visible when advanced mode is enabled, and the attribute Enable TLS has value true. Password of the keystore. If left empty the default keystore password will be used. |
|
Authentication Realm |
Provide an Authentication file from Resources to specify configured Authentication for selected Scheme. See chapter on Providing Authentication for HTTP/WS Listeners. For more information, follow this link. |
|
Authentication Scheme |
Select desired Authentication Schema (NONE, BASIC, JDBC, LDAP, OAUTH2_OIDC_ISSUER_URI, OAUTH2_OIDC_JWK_SET_URI). See chapter on Providing Authentication for HTTP/WS Listeners and the section on OAuth2/OIDC security on this page. For more information, follow this link. |
|
Issuer URI |
If Authentication Scheme is set to OAUTH2_OIDC_ISSUER_URI, you are required to provide an OAuth2/OIDC issuer url. See the section above on OAuth2/OIDC Security. |
|
JWK Set URI |
If Authentication Scheme is set to OAUTH2_OIDC_JWK_SET_URI, you are required to provide a JSON Web Key (JWK) Set URI. See the section above on OAuth2/OIDC Security. |
|
OAuth2/OIDC Scope |
If Authentication Scheme is set to OAuth2/OIDC, you can optionally specify that access tokens are required to have a certain scope. In the case of JWTs this is a scope included in the scopes claim. Note that you can currently only specify a single scope. If left empty, no further requirements are imposed on access tokens. |
|
JWT Claim Expression |
Only available if Authentication Scheme is set to OAuth2/OIDC. The JSON Web Token (JWT) claim expression can be used to allow or deny requests based on the claims inside the access token (provided it is a JWT) used by OAuth2/OIDC. See the documentation above for more information. |
|
Include JWT in ConnectMessage |
NOTE: This attribute is only visible when the attribute Authentication Scheme has value OAUTH2_OIDC_ISSUER_URI, or OAUTH2_OIDC_JWK_SET_URI. If enabled, the JWT claims will be included in the ConnectMessage as a text messagepart. The JWT claims will be in JSON format. You can use JSONPath expressions to extract specific claims from the messagepart. |
|
JWT Claims MessagePart Name |
NOTE: This attribute is only visible when the attribute Include JWT in ConnectMessage has value true. The name of the message part that will contain the JWT claims. |
|
Tool name |
This will specify the unique name of the tool. This name cannot be reused in other tools. MCP will propagate this flow as a tool under this name. |
|
Tool Description |
A description of this tool, which will also be propagated by MCP |
|
Tool-Parameters |
For every tool there is the option specify one or more tool-parameters. Each parameter can specified by a name and a type (string / number). These tool-parameters will be propagated to de MCP Client and the MCP Client may provide values for these parameters in the JSON RPC message. |