<html><head></head><body><div style="color:#000; background-color:#fff; font-family:garamond, new york, times, serif;font-size:14px"><div id="yiv0700961759"><div id="yui_3_16_0_1_1452945384142_4965"><div style="color:#000;background-color:#fff;font-family:garamond, new york, times, serif;font-size:14px;" id="yui_3_16_0_1_1452945384142_4964"><div><span></span></div> <div class="yiv0700961759qtdSeparateBR" id="yui_3_16_0_1_1452945384142_4963"><br clear="none">One observation from the Keycloak log is as below:</div><div class="yiv0700961759qtdSeparateBR" id="yui_3_16_0_1_1452945384142_4963"><br></div><div class="yiv0700961759qtdSeparateBR" id="yui_3_16_0_1_1452945384142_4963" dir="ltr"><pre class="" ng-bind-html="message.MMActualContent" style="margin-top: 0px; margin-bottom: 0px; font-family: inherit; word-break: initial; line-height: 22.4px; background-color: rgb(178, 226, 129);" id="yui_3_16_0_1_1452945384142_5087">2016-01-16 18:12:33,067 WARN [org.keycloak.events] (default task-30) type=IDENTITY_PROVIDER_LOGIN_ERROR, realmId=UnileverHR, clientId=null, userId=null, ipAddress=180.107.103.49, error=identityProviderAuthenticationFailedMessage<br id="yui_3_16_0_1_1452945384142_5089" class="">2016-01-16 18:12:33,071 ERROR [org.keycloak.services.resources.IdentityBrokerService] (default task-30) identityProviderAuthenticationFailedMessage: org.keycloak.broker.provider.IdentityBrokerException: Invalid code, please login again through your client.<br id="yui_3_16_0_1_1452945384142_5093" class="">        at org.keycloak.services.resources.IdentityBrokerService.parseClientSessionCode(IdentityBrokerService.java:551)<br id="yui_3_16_0_1_1452945384142_5095" class="">        at org.keycloak.services.resources.IdentityBrokerService.authenticated(IdentityBrokerService.java:251)<br id="yui_3_16_0_1_1452945384142_5097" class="">        at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:319)<br id="yui_3_16_0_1_1452945384142_5101" class="">        at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleSamlResponse(SAMLEndpoint.java:350)<br id="yui_3_16_0_1_1452945384142_5105" class="">        at org.keycloak.broker.saml.SAMLEndpoint$Binding.execute(SAMLEndpoint.java:165)<br id="yui_3_16_0_1_1452945384142_5109" class="">        at org.keycloak.broker.saml.SAMLEndpoint.postBinding(SAMLEndpoint.java:113)<br id="yui_3_16_0_1_1452945384142_5113" class="">        at sun.reflect.GeneratedMethodAccessor73.invoke(Unknown Source)<br id="yui_3_16_0_1_1452945384142_5117" class="">        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)<br id="yui_3_16_0_1_1452945384142_5121" class="">        at java.lang.reflect.Method.invoke(Method.java:606)<br id="yui_3_16_0_1_1452945384142_5125" class="">        at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)<br id="yui_3_16_0_1_1452945384142_5129" class="">        at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296)</pre><pre class="" ng-bind-html="message.MMActualContent" style="margin-top: 0px; margin-bottom: 0px; font-family: inherit; word-break: initial; line-height: 22.4px; background-color: rgb(178, 226, 129);" id="yui_3_16_0_1_1452945384142_5087"><br></pre><pre class="" ng-bind-html="message.MMActualContent" style="margin-top: 0px; margin-bottom: 0px; font-family: inherit; word-break: initial; line-height: 22.4px; background-color: rgb(178, 226, 129);" id="yui_3_16_0_1_1452945384142_5087"><br></pre><pre class="" ng-bind-html="message.MMActualContent" style="margin-top: 0px; margin-bottom: 0px; font-family: inherit; word-break: initial; line-height: 22.4px; background-color: rgb(178, 226, 129);" id="yui_3_16_0_1_1452945384142_5087">In this case, we use the same account to log in from different clients at the same time. That is, we may use two machines' browsers to try to log in to the same IDP account. </pre><pre class="" ng-bind-html="message.MMActualContent" style="margin-top: 0px; margin-bottom: 0px; font-family: inherit; word-break: initial; line-height: 22.4px; background-color: rgb(178, 226, 129);" id="yui_3_16_0_1_1452945384142_5087">I am not sure this is a legal case or not.
</pre><pre class="" ng-bind-html="message.MMActualContent" style="margin-top: 0px; margin-bottom: 0px; font-family: inherit; word-break: initial; line-height: 22.4px; background-color: rgb(178, 226, 129);" id="yui_3_16_0_1_1452945384142_5087"><br></pre><pre class="" ng-bind-html="message.MMActualContent" style="margin-top: 0px; margin-bottom: 0px; font-family: inherit; word-break: initial; line-height: 22.4px; background-color: rgb(178, 226, 129);" id="yui_3_16_0_1_1452945384142_5087">Thanks a lot</pre><pre class="" ng-bind-html="message.MMActualContent" style="margin-top: 0px; margin-bottom: 0px; font-family: inherit; word-break: initial; line-height: 22.4px; background-color: rgb(178, 226, 129);" id="yui_3_16_0_1_1452945384142_5087"><br></pre><pre class="" ng-bind-html="message.MMActualContent" style="margin-top: 0px; margin-bottom: 0px; font-family: inherit; word-break: initial; line-height: 22.4px; background-color: rgb(178, 226, 129);" id="yui_3_16_0_1_1452945384142_5087"><br></pre></div><div class="yiv0700961759yqt6421535089" id="yiv0700961759yqt14815"></div></div></div></div><div class=".yiv0700961759yahoo_quoted"> <div style="font-family:garamond, new york, times, serif;font-size:14px;"> <div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;"> <div dir="ltr"><font size="2" face="Arial"> On Saturday, January 16, 2016 1:26 PM, Mai Zi &lt;ornot2008@yahoo.com&gt; wrote:<br clear="none"></font></div> <br clear="none"><br clear="none"> <div class="yiv0700961759y_msg_container"><div id="yiv0700961759"><div><div style="color:#000;background-color:#fff;font-family:garamond, new york, times, serif;font-size:14px;"><div id="yiv0700961759"><div id="yiv0700961759yui_3_16_0_1_1452921064910_2614"><div id="yiv0700961759yui_3_16_0_1_1452921064910_2613" style="color:#000;background-color:#fff;font-family:garamond, new york, times, serif;font-size:14px;"><div id="yiv0700961759"><div 
id="yiv0700961759yui_3_16_0_1_1452917054385_2655"><div id="yiv0700961759yui_3_16_0_1_1452917054385_2654" style="color:#000;background-color:#fff;font-family:garamond, new york, times, serif;font-size:14px;"><div id="yiv0700961759yui_3_16_0_1_1452828954911_3559"><br clear="none"></div><div dir="ltr" id="yiv0700961759yui_3_16_0_1_1452828954911_3559">We use 1.7.0 final as SP to broker a SAML 2.0 IDP. We secure the realm for several clients. </div><div dir="ltr" id="yiv0700961759yui_3_16_0_1_1452828954911_3559">Here is the demo link: <a rel="nofollow" shape="rect" id="yiv0700961759yui_3_16_0_1_1452921064910_2872" target="_blank" href="http://unihr.chinacloudapp.cn/campusNav/index.html?locale=en">http://unihr.chinacloudapp.cn/campusNav/index.html?locale=en</a></div><div dir="ltr" id="yiv0700961759yui_3_16_0_1_1452828954911_3559"><br clear="none"></div><div dir="ltr" id="yiv0700961759yui_3_16_0_1_1452828954911_3559">The test account is </div><div dir="ltr" id="yiv0700961759yui_3_16_0_1_1452828954911_3559"><br clear="none"></div><div dir="ltr" id="yiv0700961759yui_3_16_0_1_1452828954911_3559">ID : S2\Testnew2</div><div class="yiv0700961759" dir="ltr" id="yiv0700961759yui_3_16_0_1_1452828954911_3559">Password : Daksh@123 </div><div class="yiv0700961759" dir="ltr" id="yiv0700961759yui_3_16_0_1_1452828954911_3559"><br clear="none"></div><div class="yiv0700961759" dir="ltr" id="yiv0700961759yui_3_16_0_1_1452828954911_3559">We found that Keycloak does not work stably. The response will be dead from time to time. </div><div class="yiv0700961759" dir="ltr" id="yiv0700961759yui_3_16_0_1_1452828954911_3559"><br clear="none"></div><div class="yiv0700961759" dir="ltr" id="yiv0700961759yui_3_16_0_1_1452828954911_3559">Pls take a try and help us. Let me know what info you need.</div><div class="yiv0700961759" dir="ltr" id="yiv0700961759yui_3_16_0_1_1452828954911_3559"><br clear="none"></div><div class="yiv0700961759" dir="ltr" id="yiv0700961759yui_3_16_0_1_1452828954911_3559"><br clear="none"></div><div class="yiv0700961759" dir="ltr" id="yiv0700961759yui_3_16_0_1_1452828954911_3559">Mai</div></div></div></div></div></div></div></div></div></div><br clear="none"><br clear="none"></div> </div> </div> </div></div></body></html>