Session Idle not working due to constant token refresh

[dkarv]

I have a standard deployment using KeyCloak as identity provider. My goal is to log out an user that is idle for too long, so for testing I configured the SSO Session Idle time in KeyCloak to 5 minutes. Token validity is 1 minute:

Now I would expect a user is logged out when not doing anything on the platform for 5 minutes and keeping the browser tab open. But this does not happen, because the OpenCloud frontend is refreshing the token every ~50 seconds and thus keeps the session active:

For comparison, I checked how the KeyCloak frontend behaves. It only refreshes the token once the user is actively doing something. So the automated logout works there as expected.

Is there an advanced configuration to adjust this behavior? How did others solve this?

[micbar]

@kulmann @rhafer fyi