[keycloak-user] StaleCodeMessage on IDP Initiated SAML SSO
Chris Brandhorst
Chris.Brandhorst at topicus.nl
Wed Jan 11 04:59:27 EST 2017
Excuse us, we just found the updated documentation @ https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/clients/saml/idp-initiated-login.html
All works now, great!
On 11 Jan 2017, at 10:21, Chris Brandhorst <Chris.Brandhorst at topicus.nl<mailto:Chris.Brandhorst at topicus.nl>> wrote:
Don’t know if you get notifications on closed issues (I posted one in the JIRA issue), so I’ll also mention it here:
Thanks for the work, sadly on version 2.5.0-Final we still get the StaleCodeMessage. Is a change in the setup required?
On 18 Oct 2016, at 09:09, Chris Brandhorst <Chris.Brandhorst at topicus.nl<mailto:Chris.Brandhorst at topicus.nl><mailto:Chris.Brandhorst at topicus.nl>> wrote:
Done, see: https://issues.jboss.org/browse/KEYCLOAK-3731
On 17 Oct 2016, at 17:58, Stian Thorgersen <sthorger at redhat.com<mailto:sthorger at redhat.com><mailto:sthorger at redhat.com>> wrote:
Looks like it might be a bug. Can you create a JIRA please?
On 7 October 2016 at 22:43, Chris Brandhorst <Chris.Brandhorst at topicus.nl<mailto:Chris.Brandhorst at topicus.nl><mailto:Chris.Brandhorst at topicus.nl>> wrote:
I have two Keycloak instances, A is an IdP for B. From the login screen of B, this works as it should.
However, I can’t get IDP Initiated SSO from A to B to work. I filled the "IDP Initiated SSO URL Name” field with a name (say “bbbbb”) in A.
When I try to navigate to: http://aaaaa/auth/realms/his/protocol/saml/clients/bbbbb
i always end up with the following logging:
22:42:02,993 DEBUG [org.keycloak.services] (default task-23) Authorization code is not valid. Code: null
22:42:02,994 WARN [org.keycloak.events] (default task-23) type=IDENTITY_PROVIDER_LOGIN_ERROR, realmId=master, clientId=null, userId=null, ipAddress=127.0.0.1, error=staleCodeMessage
22:42:02,994 ERROR [org.keycloak.services] (default task-23) staleCodeMessage
Which in itself is not surprising, because indeed, there is no Authorization code in play here, but that’s the whole idea of IDP Initiated SSO, no?
What must I do to get this to work?
Thanks,
Chris Brandhorst
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org><mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list