[keycloak-user] Is An IDP - Initiated SSO to Broker Possible?

Josh Cain jcain at redhat.com
Fri Nov 11 23:13:22 EST 2016


Hi all,

I'm attempting an IDP-initiated SSO (via unsolicited SAML Request)
against the Keycloak broker service.  However, it's failing every time
on the IdentityBrokerService.authenticated(..) method.  I get the
following error on the console:

22:05:04,945 ERROR [org.keycloak.services] (default task-61)
staleCodeMessage

This method seems to think that clients should *always* visit the
Keycloak IDP before returning with a SAML assertion, and the failure to
retrieve an associated client session is causing a serious issue.  I am
able to successfully use the identity brokering functions if I use an
SP-initiated flow, so I know the brokering piece is configured
correctly.

Is this a limitation in the current implementation, or do I have
something configured incorrectly?

-- 
Josh Cain | Software Applications Engineer
Identity and Access Management
Red Hat
+1 256-452-0150
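
The difference the broker is tripping over is visible on the wire: an SP-initiated response carries an `InResponseTo` attribute naming the AuthnRequest the broker issued (and stored against a client session), while an IdP-initiated, unsolicited response has none, so there is nothing to look the session up by. The script below is an added example for this thread, not code from Keycloak or from the poster; it parses a constructed pair of SAML Responses, reports whether each is solicited, and illustrates why a broker that only accepts responses it can bind to a pending request rejects the unsolicited one. The correlation function is an illustration of that expectation, not Keycloak's actual logic, and the URLs, request id `_req123` and subject are constructed.

```python
"""
Classify a SAML 2.0 Response as solicited (SP-initiated, carries InResponseTo)
or unsolicited (IdP-initiated, no InResponseTo), and show why a broker that
expects a pending request cannot bind an unsolicited response to a session.

Added example for the keycloak-user thread; not Keycloak code. The XML
samples, endpoint URLs, subject and request id "_req123" are constructed.
"""
import base64
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: what an SP-initiated flow returns (InResponseTo present).
SOLICITED_SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" Version="2.0" IssueInstant="2016-11-11T22:05:04Z"
    Destination="https://broker.example.test/realms/demo/broker/upstream-idp/endpoint"
    InResponseTo="_req123">
  <saml:Issuer>https://idp.example.test/saml</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2016-11-11T22:05:04Z">
    <saml:Issuer>https://idp.example.test/saml</saml:Issuer>
    <saml:Subject>
      <saml:NameID>alice</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="_req123"
            Recipient="https://broker.example.test/realms/demo/broker/upstream-idp/endpoint"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed sample: an IdP-initiated (unsolicited) response, no InResponseTo anywhere.
UNSOLICITED_SAMPLE = SOLICITED_SAMPLE.replace(' InResponseTo="_req123"', "")

# The HTTP-POST binding ships the response base64-encoded in the SAMLResponse form field.
ENCODED_UNSOLICITED_SAMPLE = base64.b64encode(UNSOLICITED_SAMPLE.encode()).decode()


def decode_saml_response(b64_payload: str) -> str:
    """Undo the base64 wrapping of a POST-binding SAMLResponse value."""
    return base64.b64decode(b64_payload).decode("utf-8")


def classify_saml_response(xml_text: str) -> dict:
    """Extract the fields a broker needs to correlate a response with a request.

    xml.etree is adequate for these constructed samples; a parser fed
    untrusted SAML in production should use a hardened XML library.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError(f"expected samlp:Response, got {root.tag}")
    in_response_to = root.get("InResponseTo")
    scd = root.find(f".//{{{SAML}}}SubjectConfirmationData")
    return {
        "solicited": in_response_to is not None,
        "in_response_to": in_response_to,
        "subject_confirmation_in_response_to": scd.get("InResponseTo") if scd is not None else None,
        "issuer": root.findtext(f"{{{SAML}}}Issuer"),
    }


def correlate_with_pending_request(info: dict, pending_request_ids: set) -> str:
    """Illustrative broker-side check (not Keycloak's implementation): only a
    response naming a request this broker issued can be tied to a session."""
    rid = info["in_response_to"]
    if rid is None:
        return "unsolicited"            # nothing to look a client session up by
    if info["subject_confirmation_in_response_to"] not in (None, rid):
        return "mismatched_subject_confirmation"
    if rid not in pending_request_ids:
        return "stale_or_unknown_request"
    return "matched"


if __name__ == "__main__":
    pending = {"_req123"}
    for label, xml in (("SP-initiated", SOLICITED_SAMPLE), ("IdP-initiated", UNSOLICITED_SAMPLE)):
        info = classify_saml_response(xml)
        print(f"{label}: InResponseTo={info['in_response_to']!r} -> "
              f"{correlate_with_pending_request(info, pending)}")
```

Run against the two samples, the SP-initiated response resolves to `matched` and the IdP-initiated one to `unsolicited`, which is the situation the error above describes: without a request id the broker has no client session to retrieve. The check on `SubjectConfirmationData/@InResponseTo` is there because the assertion's bearer confirmation should agree with the response envelope; a broker that accepts unsolicited responses gives up both of those bindings and has to lean entirely on signature validation, recipient and validity-window checks to decide whether an assertion was meant for it.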

