Latest Chrome breaks SAML logins for "chrome sign in"
fox at washington.edu
Mon Dec 28 15:52:46 EST 2015
>> -Receive Shib IdP "no cookies" error.
> I don't know what error you're referring to, but FWIW I tried with a vanilla V3 install that the Shibboleth team have running and a Google account that happens to be backed by it and it appears to have worked (I couldn't say exactly what it was meant to do, but it's back at Google's site and seems to say I'm logged in.
>> Inspecting cookies indicates Chrome is losing the authn request when
>> it switches from the sign-in box to the new tab for IdP login.
> The SAML request isn't carried by any cookies. There is certainly cookie-based state, but if V3 works, I don't know why V2 wouldn't.
It's not losing the authn request. The "requires cookies" error comes when the user returns from our pubcookie login page. It's at that point that the shib session cookie is both necessary and, in this case, not there.
Ordinary logins do work, e.g., for us, we can log into gmail.uw.edu just fine. To see the error:
1) Click the triple-bars on the right side of the Chrome banner.
2) Select 'Settings'
3) Click 'Sign in to Chrome'
4) Then try the SAML login method.
More information about the users