On timeout - we invoke "Auth.logout" from Keycloak.js, in our code:
https://github.com/aerogear/aerogear-unifiedpush-server/blob/master/admin-ui/app/scripts/controllers/IdleController.js#L45

Since it has some issues only after a long time after being logged out - I am wondering if that's related to the servlet session lifetime, which does serve the "login dialog" after the redirect ?