Uploaded image for project: 'Identity Provider'
  1. Identity Provider
  2. IDP-1476

Need a filter to append SameSite to cookies

    XMLWordPrintable

    Details

      Description

      With the Chrome change coming, I think we need a filter to add SameSite=none to the IdP session cookie as a hedge against problems. I believe we will see issues with SSO prevented when SPs use the POST binding.

      We discussed on call, but using a filter for now seems like the more practical fix until Java adds the SameSite option to the API. If they never do, we can revisit.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              cantor.2@osu.edu Scott Cantor
              Reporter:
              cantor.2@osu.edu Scott Cantor
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 week, 2 days, 3 hours, 30 minutes
                  1w 2d 3h 30m