One observation from keycloak log is as below:
2016-01-16 18:12:33,067 WARN [org.keycloak.events] (default task-30)
type=IDENTITY_PROVIDER_LOGIN_ERROR, realmId=UnileverHR, clientId=null, userId=null,
ipAddress=180.107.103.49, error=identityProviderAuthenticationFailedMessage
2016-01-16 18:12:33,071 ERROR [org.keycloak.services.resources.IdentityBrokerService]
(default task-30) identityProviderAuthenticationFailedMessage:
org.keycloak.broker.provider.IdentityBrokerException: Invalid code, please login again
through your client.
at
org.keycloak.services.resources.IdentityBrokerService.parseClientSessionCode(IdentityBrokerService.java:551)
at
org.keycloak.services.resources.IdentityBrokerService.authenticated(IdentityBrokerService.java:251)
at
org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:319)
at
org.keycloak.broker.saml.SAMLEndpoint$Binding.handleSamlResponse(SAMLEndpoint.java:350)
at org.keycloak.broker.saml.SAMLEndpoint$Binding.execute(SAMLEndpoint.java:165)
at org.keycloak.broker.saml.SAMLEndpoint.postBinding(SAMLEndpoint.java:113)
at sun.reflect.GeneratedMethodAccessor73.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296)
In this case, we use the same account to lgoin from different clients at the same time.
That is ,we may use two machines's browser to try to login into the same IDP account.
I am not sure this is a legal case or not .
Thanks a lot
On Saturday, January 16, 2016 1:26 PM, Mai Zi <ornot2008(a)yahoo.com> wrote:
We user 1.7.0 final as SP to broke a SAML 2.0 IDP. We secure the realm for several
clients . Here is the demo link :
http://unihr.chinacloudapp.cn/campusNav/index.html?locale=en
The test account is
ID : S2\Testnew2Password : Daksh@123
We found keycloak works not stably . The response will be dead from time to time.
Pls take a try and help us . let me know what info you need.
Mai