Getting started with IBM Workflow Runtime MCP Server

Edit online

Connect the IBM Workflow Runtime MCP Server to MCP clients such as watsonx Orchestrate and other Model Context Protocol (MCP) applications.

IBM Workflow Runtime provides two MCP servers: a process MCP server for process and task tools, and a case MCP server for case-related tools. Use an MCP client that supports remote MCP servers over Streamable HTTP and OAuth 2.0 or 2.1 authorization code flow. Tools for the process and case MCP servers can be combined. To do that you need to add both MCP servers to your MCP client,

The IBM Workflow Runtime MCP Server is an optional component that needs to be configured.

1. Prepare endpoint information

Obtain the external endpoints for the Workflow Runtime MCP Server from the CP4BA access information ConfigMap. You need to register the process MCP server when you want process and task tools, and the case MCP server when you want case-related tools.

The mcp-access-info section contains entries such as:
Workflow Runtime MCP Server Process URL: https://<host>/<mcp-instance-id>/process/mcp
Workflow Runtime MCP Server Case URL: https://<host>/<mcp-instance-id>/case/mcp
Workflow Runtime MCP Server Token Endpoint: https://<host>/workflow-runtime-mcp-server-ins1/token
Workflow Runtime MCP Server Authorization Endpoint: https://<host>/idprovider/v1/auth/authorize

2. Register an OAuth client

Register an OAuth client to get a client ID and client Secret. The redirect_uris needs to match the redirect_uris of your MCP client such as watsonx Orchestrate. Refer to the documentation of the MCP client on how to get the correct redirect URI. For more information on registering an OAuth Client, see Client Registration API. For more information on getting an access token, see Preparing to run API commands.

{
  "client_name": "<your client name",
  "redirect_uris": [
    "<your client specific redirect uri(s)"
  ],
  "grant_types": [
    "authorization_code",
    "refresh_token"
  ],
  "response_types": [
    "code",
    "token"
  ],
  "token_endpoint_auth_method": "client_secret_basic",
  "scope": "openid profile",
  "preauthorized_scope": "openid profile",
  "subject_type": "public"
}

3. Prepare OAuth information

You need these OAuth values for the currently supported OAuth 2.0 or 2.1 authorization code flow:

  • Client ID - from the OAuth client that was created in Step 2.
  • Client Secret - from the OAuth client that was created in Step 2.
  • Authorization endpoint: from the access information ConfigMap.
  • Token endpoint: from the access information ConfigMap.
  • Scope: openid.

Client integration

For more information on how to add a remote MCP server with OAuth authentication code flow, see the documenation of your MCP client. For watsonx Orchestrate, see MCP servers.