Identity for AI

Secure a Cloudflare Workers MCP Server with PingFederate

This Model Context Protocol (MCP) server, powered by Cloudflare Workers, functions as a resource server within the OAuth architecture. It validates incoming requests and facilitates token exchange, ensuring secure communication between the MCP client and downstream APIs.

Refer to the Ping Identity cloudflare-mcp Git repository.

This is a demo template designed to help you get started quickly. While we have implemented several security controls, you must implement all preventive and defense-in-depth security measures before deploying to production. Refer to Security Best Practices.

How does it work?

This architecture bridges the stateless nature of Cloudflare workers with the stateful requirements of an authenticated MCP session.

Authentication and Client Bootstrapping

When an unregistered MCP client tries to connect to the MCP server without a token, the server provides the necessary details for the client to perform Dynamic Client Registration (DCR) on the fly. This allows the client to handle the user login and consent with PingFederate automatically, provisioning the tokens required to both connect to the MCP server and for the MCP server to execute delegated token exchanges.

This implementation utilizes Dynamic Client Registration (DCR) to handle client onboarding.

While the MCP protocol recommends Client ID Metadata Document (CIMD) as the new standard, DCR remains the only production-ready option currently supported by enterprise identity providers like PingFederate.

Future versions of this architecture may transition to CIMD as support becomes available.

Cloudflare Agents (State & Transport)

The MCP server extends the McpAgent class, which automatically wraps the MCP logic in a durable object. This handles the following infrastructure requirements:

Session Persistence

It creates a dedicated, isolated environment for each MCP connection and securely persists the PingFederate tokens in the durable object’s storage (this.props).

Network Transport

The agent manages the raw HTTP connection. It accepts incoming requests and keeps the response open as a Server-Sent Events (SSE) stream, enabling the Durable Object to push real-time updates back to the client over the single endpoint.

MCP SDK (Tool Logic)

The official @modelcontextprotocol/sdk is used to define the actual capabilities of the MCP server. Inside the agent is an McpServer instance which manages the serialization of JSON-RPC messages and tool definitions.

Before you begin

  1. Deploy the Todo API.

  2. Deploy the MCP server.

The API you use here can be any PingFederate-secured API. This tutorial uses a Cloudflare Workers API, but the goal is to demonstrate how any API can be connected to an MCP server with this architecture.

Tasks

  1. Access the remote MCP server from the Cloudflare Workers AI LLM Playground

    1. Go to https://playground.ai.cloudflare.com.

    2. Connect to your MCP server using the following URL pattern:

      https://remote-mcp-ping-federate.<your-subdomain>.workers.dev/mcp

  2. Access the remote MCP server from Claude Desktop.

    1. Open Claude Desktop and go to Settings > Developer > Edit Config.

      This opens the configuration file that controls which MCP servers Claude can access.

    2. Replace the content with the following configuration, and then save:

      {
  "mcpServers": {
    "todo-mcp": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://remote-mcp-ping-federate.<ENV>.workers.dev/mcp"
      ]
    }
  }
}

    3. Restart Claude Desktop.

      A browser window opens showing your OAuth sign-on page.

    4. Complete the authentication flow to grant Claude access to your MCP server.

      After granting access, the tools are available for you to use.

    5. You can ask Claude to use the tools that populate the Tools list. For example: "Can you tell me what is in my Todo list?"

      Claude invokes the tool and shows the result generated by the MCP server.