How to keep XWiki user authenticated after closing and reopening the browser (using Keycloak OIDC)?

v.zakharov · May 20, 2025, 12:42pm

Hi! I’m setting up XWiki with authentication through Keycloak (OIDC), and I’m facing an issue where the user gets logged out after closing and reopening the browser — even though the Keycloak session is still valid and the token hasn’t expired.
XWiki version: 17.3.0 docker compose postgres

After login, everything works correctly.
When the browser is closed and reopened:
- The JSESSIONID cookie is gone (because it doesn’t have Max-Age set and is treated as a session cookie).
- XWiki considers the session lost and requires the user to log in again.
Meanwhile, the Keycloak session is still active, and other services using the same Keycloak realm do not require re-authentication.

lukasM · May 20, 2025, 11:08pm

Hi, what are you seeing after reopening XWiki?
Is it the Keycloak Login Screen or some XWiki Page?

v.zakharov · May 21, 2025, 4:57am

Keycloak Login Screen
I found a solution:
I added an extra line in the Nginx configuration:
proxy_cookie_path / "/; Max-Age=32400; HttpOnly; Secure; SameSite=None";
Now the JSESSIONID cookie shows an expiration time.