<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    The external SAML IDP is not setting RelayState correctly. It is
    supposed to pass it as is.<br>
    <br>
    <div class="moz-cite-prefix">On 1/16/2016 8:34 AM, Mai Zi wrote:<br>
    </div>
    <blockquote
      cite="mid:731258399.5469994.1452951262540.JavaMail.yahoo@mail.yahoo.com"
      type="cite">
      <div style="color:#000; background-color:#fff;
        font-family:garamond, new york, times, serif;font-size:14px">
        <div id="yiv0700961759">
          <div id="yui_3_16_0_1_1452945384142_4965">
            <div
              style="color:#000;background-color:#fff;font-family:garamond,
              new york, times, serif;font-size:14px;"
              id="yui_3_16_0_1_1452945384142_4964">
              <div><span></span></div>
              <div class="yiv0700961759qtdSeparateBR"
                id="yui_3_16_0_1_1452945384142_4963"><br clear="none">
                One observation from the keycloak log is as below:</div>
              <div class="yiv0700961759qtdSeparateBR"
                id="yui_3_16_0_1_1452945384142_4963"><br>
              </div>
              <div class="yiv0700961759qtdSeparateBR"
                id="yui_3_16_0_1_1452945384142_4963" dir="ltr">
                <pre class="" ng-bind-html="message.MMActualContent" style="margin-top: 0px; margin-bottom: 0px; font-family: inherit; word-break: initial; line-height: 22.4px; background-color: rgb(178, 226, 129);" id="yui_3_16_0_1_1452945384142_5087">2016-01-16 18:12:33,067 WARN  [org.keycloak.events] (default task-30) type=IDENTITY_PROVIDER_LOGIN_ERROR, realmId=UnileverHR, clientId=null, userId=null, ipAddress=180.107.103.49, error=identityProviderAuthenticationFailedMessage
2016-01-16 18:12:33,071 ERROR [org.keycloak.services.resources.IdentityBrokerService] (default task-30) identityProviderAuthenticationFailedMessage: org.keycloak.broker.provider.IdentityBrokerException: Invalid code, please login again through your client.
        at org.keycloak.services.resources.IdentityBrokerService.parseClientSessionCode(IdentityBrokerService.java:551)
        at org.keycloak.services.resources.IdentityBrokerService.authenticated(IdentityBrokerService.java:251)
        at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:319)
        at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleSamlResponse(SAMLEndpoint.java:350)
        at org.keycloak.broker.saml.SAMLEndpoint$Binding.execute(SAMLEndpoint.java:165)
        at org.keycloak.broker.saml.SAMLEndpoint.postBinding(SAMLEndpoint.java:113)
        at sun.reflect.GeneratedMethodAccessor73.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)
        at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296)</pre>
                <pre class="" ng-bind-html="message.MMActualContent" style="margin-top: 0px; margin-bottom: 0px; font-family: inherit; word-break: initial; line-height: 22.4px; background-color: rgb(178, 226, 129);" id="yui_3_16_0_1_1452945384142_5087">
</pre>
                <pre class="" ng-bind-html="message.MMActualContent" style="margin-top: 0px; margin-bottom: 0px; font-family: inherit; word-break: initial; line-height: 22.4px; background-color: rgb(178, 226, 129);" id="yui_3_16_0_1_1452945384142_5087">
</pre>
                <pre class="" ng-bind-html="message.MMActualContent" style="margin-top: 0px; margin-bottom: 0px; font-family: inherit; word-break: initial; line-height: 22.4px; background-color: rgb(178, 226, 129);" id="yui_3_16_0_1_1452945384142_5087">In this case, we use the same account to log in from different clients at the same time. That is, we may use two machines' browsers to try to log in to the same IDP account.</pre>
                <pre class="" ng-bind-html="message.MMActualContent" style="margin-top: 0px; margin-bottom: 0px; font-family: inherit; word-break: initial; line-height: 22.4px; background-color: rgb(178, 226, 129);" id="yui_3_16_0_1_1452945384142_5087">I am not sure whether this is a legal case or not.</pre>
                <pre class="" ng-bind-html="message.MMActualContent" style="margin-top: 0px; margin-bottom: 0px; font-family: inherit; word-break: initial; line-height: 22.4px; background-color: rgb(178, 226, 129);" id="yui_3_16_0_1_1452945384142_5087">
</pre>
                <pre class="" ng-bind-html="message.MMActualContent" style="margin-top: 0px; margin-bottom: 0px; font-family: inherit; word-break: initial; line-height: 22.4px; background-color: rgb(178, 226, 129);" id="yui_3_16_0_1_1452945384142_5087">Thanks a lot</pre>
                <pre class="" ng-bind-html="message.MMActualContent" style="margin-top: 0px; margin-bottom: 0px; font-family: inherit; word-break: initial; line-height: 22.4px; background-color: rgb(178, 226, 129);" id="yui_3_16_0_1_1452945384142_5087">
</pre>
                <pre class="" ng-bind-html="message.MMActualContent" style="margin-top: 0px; margin-bottom: 0px; font-family: inherit; word-break: initial; line-height: 22.4px; background-color: rgb(178, 226, 129);" id="yui_3_16_0_1_1452945384142_5087">
</pre>
              </div>
            </div>
          </div>
        </div>
        <div class=".yiv0700961759yahoo_quoted">
          <div style="font-family:garamond, new york, times,
            serif;font-size:14px;">
            <div style="font-family:HelveticaNeue, Helvetica Neue,
              Helvetica, Arial, Lucida Grande,
              sans-serif;font-size:16px;">
              <div dir="ltr"><font size="2" face="Arial"> On Saturday,
                  January 16, 2016 1:26 PM, Mai Zi
                  <a class="moz-txt-link-rfc2396E" href="mailto:ornot2008@yahoo.com">&lt;ornot2008@yahoo.com&gt;</a> wrote:<br clear="none">
                </font></div>
              <br clear="none">
              <br clear="none">
              <div class="yiv0700961759y_msg_container">
                <div id="yiv0700961759">
                  <div>
                    <div
                      style="color:#000;background-color:#fff;font-family:garamond,
                      new york, times, serif;font-size:14px;">
                      <div id="yiv0700961759">
                        <div
                          id="yiv0700961759yui_3_16_0_1_1452921064910_2614">
                          <div
                            id="yiv0700961759yui_3_16_0_1_1452921064910_2613"
                            style="color:#000;background-color:#fff;font-family:garamond,
                            new york, times, serif;font-size:14px;">
                            <div id="yiv0700961759">
                              <div
                                id="yiv0700961759yui_3_16_0_1_1452917054385_2655">
                                <div
                                  id="yiv0700961759yui_3_16_0_1_1452917054385_2654"
                                  style="color:#000;background-color:#fff;font-family:garamond,
                                  new york, times,
                                  serif;font-size:14px;">
                                  <div
                                    id="yiv0700961759yui_3_16_0_1_1452828954911_3559"><br
                                      clear="none">
                                  </div>
                                  <div dir="ltr"
                                    id="yiv0700961759yui_3_16_0_1_1452828954911_3559">We
                                    use 1.7.0 final as SP to broker a
                                    SAML 2.0 IDP. We secure the realm
                                    for several clients.</div>
                                  <div dir="ltr"
                                    id="yiv0700961759yui_3_16_0_1_1452828954911_3559">Here
                                    is the demo link: <a
                                      moz-do-not-send="true"
                                      rel="nofollow" shape="rect"
                                      id="yiv0700961759yui_3_16_0_1_1452921064910_2872"
                                      target="_blank"
                                      href="http://unihr.chinacloudapp.cn/campusNav/index.html?locale=en"><a class="moz-txt-link-freetext" href="http://unihr.chinacloudapp.cn/campusNav/index.html?locale=en">http://unihr.chinacloudapp.cn/campusNav/index.html?locale=en</a></a></div>
                                  <div dir="ltr"
                                    id="yiv0700961759yui_3_16_0_1_1452828954911_3559"><br
                                      clear="none">
                                  </div>
                                  <div dir="ltr"
                                    id="yiv0700961759yui_3_16_0_1_1452828954911_3559">The
                                    test account is</div>
                                  <div dir="ltr"
                                    id="yiv0700961759yui_3_16_0_1_1452828954911_3559"><br
                                      clear="none">
                                  </div>
                                  <div dir="ltr"
                                    id="yiv0700961759yui_3_16_0_1_1452828954911_3559">ID
                                    : S2\Testnew2</div>
                                  <div class="yiv0700961759" dir="ltr"
                                    id="yiv0700961759yui_3_16_0_1_1452828954911_3559">Password
                                    : Daksh@123</div>
                                  <div class="yiv0700961759" dir="ltr"
                                    id="yiv0700961759yui_3_16_0_1_1452828954911_3559"><br
                                      clear="none">
                                  </div>
                                  <div class="yiv0700961759" dir="ltr"
                                    id="yiv0700961759yui_3_16_0_1_1452828954911_3559">We
                                    found keycloak does not work stably.
                                    The response will be dead from
                                    time to time.</div>
                                  <div class="yiv0700961759" dir="ltr"
                                    id="yiv0700961759yui_3_16_0_1_1452828954911_3559"><br
                                      clear="none">
                                  </div>
                                  <div class="yiv0700961759" dir="ltr"
                                    id="yiv0700961759yui_3_16_0_1_1452828954911_3559">Pls
                                    take a try and help us. Let me know
                                    what info you need.</div>
                                  <div class="yiv0700961759" dir="ltr"
                                    id="yiv0700961759yui_3_16_0_1_1452828954911_3559"><br
                                      clear="none">
                                  </div>
                                  <div class="yiv0700961759" dir="ltr"
                                    id="yiv0700961759yui_3_16_0_1_1452828954911_3559"><br
                                      clear="none">
                                  </div>
                                  <div class="yiv0700961759" dir="ltr"
                                    id="yiv0700961759yui_3_16_0_1_1452828954911_3559">Mai</div>
                                </div>
                              </div>
                            </div>
                          </div>
                        </div>
                      </div>
                    </div>
                  </div>
                </div>
                <br clear="none">
                <br clear="none">
              </div>
            </div>
          </div>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
Bill Burke
JBoss, a division of Red Hat
<a class="moz-txt-link-freetext" href="http://bill.burkecentral.com">http://bill.burkecentral.com</a></pre>
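    <p>One way to confirm the RelayState diagnosis from a browser or proxy capture is to compare the value sent to the IdP with the value the IdP posted back to the SAML endpoint. This is an added example, not part of the original thread and not Keycloak code; it assumes the request went out over the HTTP-Redirect binding, and the URLs, parameter values and function names are constructed for illustration.</p>

```python
from urllib.parse import parse_qs, quote, unquote_plus, urlsplit

MAX_RELAYSTATE_BYTES = 80  # SAML 2.0 bindings: RelayState must not exceed 80 bytes


def _relay_state(query):
    """Return the decoded RelayState parameter of a query/form string, or None."""
    values = parse_qs(query, keep_blank_values=True).get("RelayState")
    return values[0] if values else None


def diagnose(sent, returned):
    """Classify how the RelayState the IdP returned differs from the one sent."""
    if not sent:
        return "sp-sent-none"
    if not returned:
        return "dropped"
    if returned == sent:
        over = len(sent.encode("utf-8")) > MAX_RELAYSTATE_BYTES
        return "ok-but-over-80-bytes" if over else "ok"
    if sent.startswith(returned):
        return "truncated"
    if returned == unquote_plus(sent):
        return "decoded-twice"  # IdP URL-decoded the value a second time
    return "replaced"


def check_capture(request_url, response_body):
    """Compare the redirect URL sent to the IdP with the form body posted back."""
    sent = _relay_state(urlsplit(request_url).query)
    returned = _relay_state(response_body)
    return diagnose(sent, returned)


# Constructed sample data (not from the thread): an opaque state value that
# contains characters an IdP is likely to mangle ('+', '/', '%').
SENT = "Ab3.xY+9/k%3D"
REQUEST_URL = ("https://idp.example.test/sso?SAMLRequest=fZJ"
               "&RelayState=" + quote(SENT, safe=""))
RESPONSES = {
    "echoed as is": "SAMLResponse=PHNhbWw%2B&RelayState=Ab3.xY%2B9%2Fk%253D",
    "decoded again": "SAMLResponse=PHNhbWw%2B&RelayState=Ab3.xY+9%2Fk%3D",
    "cut short": "SAMLResponse=PHNhbWw%2B&RelayState=Ab3.xY",
    "missing": "SAMLResponse=PHNhbWw%2B",
}

if __name__ == "__main__":
    for label, body in RESPONSES.items():
        print(f"{label:14} -> {check_capture(REQUEST_URL, body)}")
```

    <p>Any result other than "ok" means the service provider receives a state value it did not issue, which is consistent with the "Invalid code" failure at parseClientSessionCode in the trace above.</p>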
  </body>
</html>