Latest Chrome breaks SAML logins for "chrome sign in"
mattjm at uw.edu
Mon Dec 28 14:51:27 EST 2015
I received a customer complaint about Chrome browser sign-in and I've
been able to reproduce it. This is the functionality where you can
use a google or google apps account to sync browser history and other
things between computers.
-Using latest version of Chrome (47.0.2526.106 m on Windows)
-Try to "sign in" to Chrome using a Google apps @edu account
-Enter scoped identifier (e.g. netid at uw.edu) in sign-in box (not a
tab). Enter a password or not...it doesn't change the outcome.
-Redirected to correct IdP in a browser tab
-Authenticate to IdP
-Receive Shib IdP "no cookies" error.
"Normal" SAML auth to google apps (gmail, etc.) works fine.
Inspecting cookies indicates Chrome is losing the authn request when
it switches from the sign-in box to the new tab for IdP login.
Has anyone experienced this? Is there a fix, or way to notify Google
that they've broken SAML logins?
Identity & Access Management Specialist
UW Information Technology
More information about the users