2016-01-16 18:12:33,067 WARN [org.keycloak.events] (default task-30) type=IDENTITY_PROVIDER_LOGIN_ERROR, realmId=UnileverHR, clientId=null, userId=null, ipAddress=180.107.103.49, error=identityProviderAuthenticationFailedMessage
2016-01-16 18:12:33,071 ERROR [org.keycloak.services.resources.IdentityBrokerService] (default task-30) identityProviderAuthenticationFailedMessage: org.keycloak.broker.provider.IdentityBrokerException: Invalid code, please login again through your client.
at org.keycloak.services.resources.IdentityBrokerService.parseClientSessionCode(IdentityBrokerService.java:551)
at org.keycloak.services.resources.IdentityBrokerService.authenticated(IdentityBrokerService.java:251)
at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:319)
at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleSamlResponse(SAMLEndpoint.java:350)
at org.keycloak.broker.saml.SAMLEndpoint$Binding.execute(SAMLEndpoint.java:165)
at org.keycloak.broker.saml.SAMLEndpoint.postBinding(SAMLEndpoint.java:113)
at sun.reflect.GeneratedMethodAccessor73.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296)
In this case, we use the same account to lgoin from different clients at the same time. That is ,we may use two machines's browser to try to login into the same IDP account.
I am not sure this is a legal case or not .
Thanks a lot