This prevents an error where the keystore will have invalid keys even
in presence of a valid SSO ticket (because the parent auth session has
expired already).