[keycloak-user] User session creation

Hello all. This is a bit hard to explain. I have created a IDP which uses CAS ( Central Authentication Service) as its backend. Our KC instance is again used by a clients KC instance. They have chosen to disable their persistent cookie handling, and thereby our by passing "prompt=login" to the login request. We are passing on the prompt=login by passing on renew=true to CAS. We get a token back, and verify that. However; Since the user session is not refreshed by the cookie handling, it seems like we are then timing out intermittently. Is there a problem with creating/refreshing the user session in the authenticationFinished Method in the gist below? https://gist.github.com/hamnis/547c550a532be7e8235aa653725b2ba2 Thanks. /Erlend