I suspect the issue is down to the HTTP sessions ot the Keycloak Proxy timing out. The default timeout is 30 minutes and we don't currently have a way of configuring that in the Keycloak Proxy. Can you create a JIRA for it?

On 23 June 2016 at 03:04, Chris Pitman <cpitman@redhat.com> wrote:

----- Original Message -----

>
> Quite likely it's the session that is no longer valid, not just the token.
> If the access token is not valid (this is 5min by default) it will be
> refreshed by the proxy (valid as long as the user session is valid).
>
> Once the user session is no longer valid the user is required to
> re-authenticate to Keycloak which causes the redirect to Google. This
> happens by default after the session has been idle 30 min (no token
> refreshes) or after 10 hours. You can change the timeouts through the admin
> console.
>

I've tried setting both "SSO Session Idle" and "SSO Session Max" to 1 Day, but see this issue where the proxy redirects to keycloak which redirects to google after about 1 hour. Is there another setting I need to change?