Set Keycloak_session HTTPOnly


I need to integration SAML Login with Keycloak to an Application that only allows Cookies that are HTTPOnly.

Is there an option to activate HTTPOnly for the Keycloak_session cookie? Or the disable the usage of the keycloak_session cookie?

We have an nginx in front of keycloak, but I could not get the "proxy_cookie_path ~^/(.+)$ "/$1; SameSite=none; Secure; httponly; " to work. OIDC is not used at this server.

Or do you have other ideas how to solve this?

Thank you!