Okay, I think I located why the "Possible Login Attack Detected" happens. It turns out the client provided session response is NOT returned if you attempt to login with an identity NOT associated with any accounts, and account creation is disabled, resulting in that situation, where the client provided session is left hanging.
Okay, I think I located why the "Possible Login Attack Detected" happens. It turns out the client provided session response is NOT returned if you attempt to login with an identity NOT associated with any accounts, and account creation is disabled, resulting in that situation, where the client provided session is left hanging.