This is my requirement
If a user logins via keycloak without ticking "remember me", I need the session on keycloak to timeout after 20 minutes. (in case its idle)
If a user logins via keycloak ticking "remember me", I need the user to be "remembered" on keycloak for 12 weeks irrespective of whether the user continues to interact with keycloak or not. Something like facebook.
Just saw this thread as well
Hope my requirement is clear.
Currently the remember me token invalidates if the SSO Session Max Lifespan or SSO Session Idle Timeout expires. The remember me token should be independant to the session time.