I need to integration SAML Login with Keycloak to an Application that only allows Cookies that are HTTPOnly.
Is there an option to activate HTTPOnly for the Keycloak_session cookie? Or the disable the usage of the keycloak_session cookie?
We have an nginx in front of keycloak, but I could not get the "proxy_cookie_path ~^/(.+)$ "/$1; SameSite=none; Secure; httponly; " to work. OIDC is not used at this server.
Or do you have other ideas how to solve this?