Secure Remote

v1.0.0Securitystable

Acts as an AI Gateway for MCP servers using Azure API Management, implementing the latest MCP Authorization specification.

secure-remote-mcp-servermcpai-integration
Share:
122
Stars
0
Downloads
0
Weekly
0/5

What is Secure Remote?

Secure Remote is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to acts as an ai gateway for mcp servers using azure api management, implementing the latest mcp authorization specification.

Acts as an AI Gateway for MCP servers using Azure API Management, implementing the latest MCP Authorization specification.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Acts as an AI Gateway for MCP servers using Azure API Manage

Use Cases

Secure MCP server access using Azure API Management.
Implement MCP Authorization specification for secure remote connections.
Azure-Samples

Maintainer

LicenseMIT License
Languagebicep
Versionv1.0.0
UpdatedMay 19, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx secure-remote-mcp-server

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use Secure Remote

The Secure Remote MCP Server is an Azure-hosted reference implementation that acts as a secure AI gateway for MCP servers, built on Azure API Management (APIM) and Azure Functions. It implements the full MCP Authorization specification using OAuth 2.0 with PKCE, Microsoft Entra ID for identity, session key encryption, and managed identities — so organisations can expose MCP tools to AI assistants over the internet without leaving security as an afterthought. It is designed as a production-grade pattern for enterprises that need auditable, authenticated, and policy-enforced MCP access.

Prerequisites

  • An active Azure subscription with Contributor access
  • Azure CLI and Azure Developer CLI (azd) installed
  • Python 3.11+ (for the Azure Functions backend)
  • Microsoft Entra ID (Azure Active Directory) tenant for OAuth identity
  • An MCP-compatible AI client that supports remote SSE transport (e.g., Claude Desktop, MCP Inspector)
1

Register the Microsoft.App resource provider

Before deploying, ensure the required Azure resource provider is registered in your subscription. This only needs to be done once per subscription.

az provider register --namespace Microsoft.App --wait
2

Clone the repository and initialise the Azure Developer CLI project

Clone the sample repository and let azd discover the infrastructure-as-code templates (Bicep) and application code.

git clone https://github.com/Azure-Samples/remote-mcp-apim-functions-python.git
cd remote-mcp-apim-functions-python
azd init
3

Deploy all Azure resources with azd up

A single command provisions API Management, the Azure Function App, Entra ID app registrations, Key Vault for encryption keys, and all supporting resources. Deployment takes approximately 10-20 minutes.

azd up
4

Note the deployed APIM gateway URL

After 'azd up' completes, the SSE endpoint URL and OAuth metadata URL are printed to the console. Save these — you will need them for MCP client configuration and for testing with the MCP Inspector.

5

Test the deployment with MCP Inspector

Use the official MCP Inspector to connect to the SSE endpoint and verify that OAuth, tool listing, and tool invocation all work correctly.

npx @modelcontextprotocol/inspector
6

Configure your MCP client to use the remote gateway

Add the APIM SSE endpoint to your MCP client config. The client will be redirected through the OAuth flow on first connection.

{
  "mcpServers": {
    "secure-remote-mcp": {
      "url": "https://<your-apim-name>.azure-api.net/mcp/sse"
    }
  }
}

Secure Remote Examples

Client configuration

Example claude_desktop_config.json pointing to the Azure APIM SSE endpoint deployed by azd up. Replace the APIM name with your actual deployed instance.

{
  "mcpServers": {
    "secure-remote-mcp": {
      "url": "https://your-apim-instance.azure-api.net/mcp/sse"
    }
  }
}

Prompts to try

Example prompts once connected to the secure remote MCP gateway and its sample tools.

- "List the tools available on the secure remote MCP server"
- "Create a new code snippet with the title 'hello world' and content 'print(Hello)'"
- "Retrieve the code snippet I just created"
- "What OAuth scopes does this MCP server require?"

Troubleshooting Secure Remote

azd up fails with 'subscription not registered' for Microsoft.App

Run 'az provider register --namespace Microsoft.App --wait' and wait for the registration to complete before retrying 'azd up'. Registration can take a few minutes.

MCP client gets 401 Unauthorized when connecting to the SSE endpoint

The server enforces OAuth 2.0 with PKCE. Your MCP client must support the MCP Authorization flow. Use the MCP Inspector first to complete the OAuth handshake manually and confirm the Entra ID app registration (McpClientId) is correctly configured in the APIM Named Values.

Deployment succeeds but tools return 500 errors

Check the Azure Function App logs in the Azure Portal (Monitor > Log stream). The function-host-key Named Value in APIM must match the Function App's host key. Re-run 'azd up' or manually update the Named Value in APIM.

Frequently Asked Questions about Secure Remote

What is Secure Remote?

Secure Remote is a Model Context Protocol (MCP) server that acts as an ai gateway for mcp servers using azure api management, implementing the latest mcp authorization specification. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Secure Remote?

Follow the installation instructions on the Secure Remote GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with Secure Remote?

Secure Remote works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Secure Remote free to use?

Yes, Secure Remote is open source and available under the MIT License license. You can use it freely in both personal and commercial projects.

Secure Remote Alternatives — Similar Security Servers

Looking for alternatives to Secure Remote? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "secure-remote-mcp-server": { "command": "npx", "args": ["-y", "secure-remote-mcp-server"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use Secure Remote?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides