Nextcloud session lifetime is shorter than SSO token lifetime

[natoponen]

Steps to reproduce

1. Login to nextcloud with SSO.
2. Wait some time till the nextcloud session expires.
3. You are being redirected to the login page.

Expected behaviour

Nextcloud session lives longer than SSO token.

Actual behaviour

Nextcloud session lives less than SSO token.

Server configuration

Web server: docker container (https://github.com/ONLYOFFICE/docker-onlyoffice-nextcloud)

Nextcloud version: 24.0.1

List of activated apps:

Enabled:
  - accessibility: 1.10.0
  - activity: 2.16.0
  - bruteforcesettings: 2.4.0
  - circles: 24.0.0
  - cloud_federation_api: 1.7.0
  - comments: 1.14.0
  - contactsinteraction: 1.5.0
  - dashboard: 7.4.0
  - dav: 1.22.0
  - federatedfilesharing: 1.14.0
  - federation: 1.14.0
  - files: 1.19.0
  - files_pdfviewer: 2.5.0
  - files_rightclick: 1.3.0
  - files_sharing: 1.16.2
  - files_trashbin: 1.14.0
  - files_versions: 1.17.0
  - files_videoplayer: 1.13.0
  - firstrunwizard: 2.13.0
  - groupfolders: 12.0.1
  - logreader: 2.9.0
  - lookup_server_connector: 1.12.0
  - nextcloud_announcements: 1.13.0
  - notifications: 2.12.0
  - oauth2: 1.12.0
  - onlyoffice: 7.5.4
  - password_policy: 1.14.0
  - photos: 1.6.0
  - privacy: 1.8.0
  - provisioning_api: 1.14.0
  - recommendations: 1.3.0
  - serverinfo: 1.14.0
  - settings: 1.6.0
  - sharebymail: 1.14.0
  - support: 1.7.0
  - survey_client: 1.12.0
  - systemtags: 1.14.0
  - text: 3.5.1
  - theming: 1.15.0
  - twofactor_backupcodes: 1.13.0
  - updatenotification: 1.14.0
  - user_saml: 5.0.2
  - user_status: 1.4.0
  - viewer: 1.8.0
  - weather_status: 1.4.0
  - workflowengine: 2.6.0
Disabled:
  - admin_audit
  - encryption
  - files_external
  - user_ldap

Nextcloud configuration:

{
    "system": {
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "docs.local:9443",
            "nginx-server"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "sqlite3",
        "version": "24.0.1.1",
        "installed": true,
        "onlyoffice": {
            "DocumentServerUrl": "\/ds-vpath\/",
            "DocumentServerInternalUrl": "http:\/\/onlyoffice-document-server\/",
            "StorageUrl": "http:\/\/nginx-server\/"
        },
        "overwriteprotocol": "https",
        "remember_login_cookie_lifetime": "1296000",
        "session_lifetime": "604800",
        "session_keepalive": "true"
    },
    "apps": {

        ...

        "user_saml": {
            "installed_version": "5.0.2",
            "enabled": "yes",
            "types": "authentication",
            "type": "saml",
            "general-require_provisioned_account": "1",
            "general-allow_multiple_user_back_ends": "1"
        },

        ...

    }
}

Client configuration

Browser: Google Chrome 104.0.5112.81

Operating system: Windows 11 Pro

Could you please explain how I can configure nextcloud session to live longer (~7 days) than my SSO tokens? Because it seems like nextcloud configuration (e.g. "session_lifetime": "604800") doesn't work when you login with SSO, and actually sessions live less than they configured to. But when you login directly to nextcloud, session lives for 7 days as it should.

Thanks!