Hi all,
I'm attempting an IDP-initiated SSO (via unsolicited SAML Request)
against the Keycloak broker service. However, it's failing every time
on the IdentityBrokerService.authenticated(..) method. I get the
following error on the console:
22:05:04,945 ERROR [org.keycloak.services] (default task-61) staleCodeMessage
This method seems to think that clients should *always* visit the
Keycloak IDP before returning with a SAML assertion, and the failure to
retrieve an associated client session is causing a serious issue. I am
able to successfully use the identity brokering functions if I use an
SP-initiated flow, so I know the brokering piece is configured
correctly.
Is this a limitation in the current implementation, or do I have
something configured incorrectly?
--
Josh Cain | Software Applications Engineer
Identity and Access Management
Red Hat
+1 256-452-0150