Keycloak is ignoring SSO idle and max timeouts - what am I doing wrong?


I’m using Keycloak 12, running behind a reverse proxy (haproxy).

I have a realm that I am currently using with a couple different products (I self-host Nextcloud and RoundCube), and I am planning to use it with at least one website that I’m hoping to start working on, myself, soon.

I am using pulsejet/nextcloud-oidc-login (Nextcloud login via a single OpenID Connect 1.0 provider) to enable OIDC logins in Nextcloud. It works fine, but once I log in with a given web browser, I don’t want to have to log in again for two weeks.

My realm has SSO Session Idle set to 14 days, SSO Session Max set to 30 days, and Offline Session Idle set to 14 days. I am not overriding Client Session Idle, Client Session Max, Client Offline Session Idle or Client Offline Session Max in the client’s config. Client Session Idle and Client Session Max are both set to 0 in the realm config.

Wondering what I’m doing wrong… Thanks for any help you can offer.