Java Tomcat SAML Adaptor: What happens to saml auth session when client browser is closed?


We implemented the Keycloak 16.0.1 Java Tomcat Saml Adaptor in our web application. Seems to work, we see good saml auth with our ADFS IDP.

QUESTION What is supposed to happen when the client browser completes a successful saml auth for a protected URL, and then the user closes their web browser and then reopens? Isn’t the session destroyed in the browser? Shouldn’t the keycloak adaptor require re-auth via saml when the browser trys to go the same proteced URL?