Due to browser limitations, we have seen cases where setting session cookies with the SameSite=Strict attribute breaks SAML authentication.

This appears to be caused by browsers interpreting the value very strictly and also enforcing it on same-site redirects that follow a cross-origin request. In effect, after SAML authentication completes and the user has a new session cookie, the browser does not send that cookie when it is redirected to the original destination page.

For example in Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1465402

FishEye / Crucible

In recent versions of FeCru, this setting is enabled by default. You can change it in <fisheyeinstalldirectory>/content/WEB-INF/web.xml:

<cookie-config>
    <name>FESESSIONID</name>
    <http-only>true</http-only>
    <comment>__SAME_SITE_NONE__</comment>
    <secure>true</secure>
</cookie-config>
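To confirm what a given web.xml will produce before restarting, the following added example (not part of the original page or of the product) reads the cookie-config block and reports the effective SameSite value and any problems with it. The function name audit_cookie_config, the `__SAME_SITE_LAX__` and `__SAME_SITE_STRICT__` markers, and the wrapper elements around the sample are assumptions; only `__SAME_SITE_NONE__` appears on this page.

```python
import xml.etree.ElementTree as ET

# Comment markers mapped to SameSite values. __SAME_SITE_NONE__ is from the page;
# the LAX and STRICT markers are assumed to follow the same naming.
MARKERS = {
    "__SAME_SITE_NONE__": "None",
    "__SAME_SITE_LAX__": "Lax",
    "__SAME_SITE_STRICT__": "Strict",
}

def local(tag):
    """Strip an XML namespace prefix such as {http://...}cookie-config."""
    return tag.rsplit("}", 1)[-1]

def audit_cookie_config(web_xml_text):
    """Return (samesite, findings) for the first <cookie-config> in web.xml."""
    root = ET.fromstring(web_xml_text)
    cfg = next((e for e in root.iter() if local(e.tag) == "cookie-config"), None)
    if cfg is None:
        return None, ["no <cookie-config> element found"]
    fields = {local(c.tag): (c.text or "").strip() for c in cfg}
    comment = fields.get("comment", "")
    samesite = next((v for m, v in MARKERS.items() if m in comment), None)
    secure = fields.get("secure", "").lower() == "true"
    http_only = fields.get("http-only", "").lower() == "true"
    findings = []
    if samesite is None:
        findings.append("no SameSite marker in <comment>; the product default applies")
    elif samesite == "Strict":
        findings.append("SameSite=Strict: session cookie may be dropped on the post-SAML redirect")
    elif samesite == "None" and not secure:
        findings.append("SameSite=None without <secure>true</secure>: current browsers reject the cookie")
    if not http_only:
        findings.append("<http-only> is not true: cookie is readable from script")
    return samesite, findings

# Constructed sample input: the page's snippet wrapped in a minimal web.xml.
SAMPLE = """<web-app><session-config><cookie-config>
    <name>FESESSIONID</name>
    <http-only>true</http-only>
    <comment>__SAME_SITE_NONE__</comment>
    <secure>true</secure>
</cookie-config></session-config></web-app>"""

if __name__ == "__main__":
    value, issues = audit_cookie_config(SAMPLE)
    print("SameSite:", value)
    for issue in issues or ["no findings"]:
        print(" -", issue)
```

The check for `<secure>` matters here because SameSite=None is only honoured on cookies that also carry the Secure attribute, so the instance must be served over HTTPS.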



EasySSO