[keycloak-user] 401 for spring security adapter + spring boot + long session

[Aritz Maeztu]

I have an application where I want its users to be able to keep logged 
in during long time (about one year before the session ends). I'm using 
Spring Boot + Spring security and the keycloak Spring security adapter 
(2.5.4 final). The keycloak server is 2.2.1. What I've done:

Set up the realm to permit long lived sessions:

Session Idle: 365 days

Session max: 365 days

Offline session idle: 30 days

Access token lifespan: 1 Minute

Lifespan for implicit flow: 365 days

Then, in my application (single server and single keycloak client, 
confidential access type) I set up this environment variable:

server.session-timeout: 525600

Then in my front-end I've got AngularJs integrated, works as a Single 
page application and performs some routing without refreshing the whole 
page.

My problem:

When I leave the application idle (for around 30 minutes), after 
performing some request to any rest endpoint, I get 401 code. The 
application works again when I press F5 and refresh the page. The 
problem is only related when I access the REST endpoints while I don't 
request the whole page again.

Am I missing something?


-- 
Aritz Maeztu Otaño
Departamento Desarrollo de Software 
<https://www.linkedin.com/in/aritz-maeztu-ota%C3%B1o-65891942>
<http://www.tesicnor.com> 	

Pol. Ind. Mocholi. C/Rio Elorz, Nave 13E 31110 Noain (Navarra)
Telf. Aritz Maeztu: 948 68 03 06
Telf. Secretaría: 948 21 40 40

Antes de imprimir este e-mail piense bien si es necesario hacerlo: El 
medioambiente es cosa de todos.