[keycloak-user] 401 for spring security adapter + spring boot + long session

I have an application where I want its users to be able to keep logged in during long time (about one year before the session ends). I'm using Spring Boot + Spring security and the keycloak Spring security adapter (2.5.4 final). The keycloak server is 2.2.1. What I've done: Set up the realm to permit long lived sessions: Session Idle: 365 days Session max: 365 days Offline session idle: 30 days Access token lifespan: 1 Minute Lifespan for implicit flow: 365 days Then, in my application (single server and single keycloak client, confidential access type) I set up this environment variable: server.session-timeout: 525600 Then in my front-end I've got AngularJs integrated, works as a Single page application and performs some routing without refreshing the whole page. My problem: When I leave the application idle (for around 30 minutes), after performing some request to any rest endpoint, I get 401 code. The application works again when I press F5 and refresh the page. The problem is only related when I access the REST endpoints while I don't request the whole page again. Am I missing something? -- Aritz Maeztu Otaño Departamento Desarrollo de Software <https://www.linkedin.com/in/aritz-maeztu-ota%C3%B1o-65891942> <http://www.tesicnor.com> Pol. Ind. Mocholi. C/Rio Elorz, Nave 13E 31110 Noain (Navarra) Telf. Aritz Maeztu: 948 68 03 06 Telf. Secretaría: 948 21 40 40 Antes de imprimir este e-mail piense bien si es necesario hacerlo: El medioambiente es cosa de todos.