Sebastien Blanc IMO any kind of interaction on the Admin UI should NOT be allowed, once the server session times out; regardless if the underlying call is going to an API that is not protected by Keycloak (it's http-basic there).

I think once we managed to implement AGPUSH-674 this will be gone