How to confirm client-storage-read view is rendered (for SameSite)

Dan Malone dmalone at calpoly.edu
Thu Feb 27 14:41:56 EST 2020 

Following conclusions on the SameSite testing wiki:
https://wiki.shibboleth.net/confluence/display/DEV/IdP+SameSite+Testing

Since we are using server side session storage, we enabled htmlLocalStorage:

    idp.storage.htmlLocalStorage = true

verified the ClientStorageServices beans have not been removed:

         <util:list id="shibboleth.ClientStorageServices">
             <ref bean="shibboleth.ClientSessionStorageService" />
             <ref bean="shibboleth.ClientPersistentStorageService" />
         </util:list>

and redeployed (to our DEV environment).

We are now trying to confirm this change will have the desired affect. Since our attempts to reproduce the SameSite errors prior to this change were unsuccessful/inconsistent, we don't think thats the best way for us to test the change.

Assuming the client-storage-read view is loaded faster than the eye can see, we've been trying find a way to confirm it is loading.
1. DevTools - Using Chrome DevTools, and Firefox equivalent, we are only seeing a single request to the IDP with the referrer being the SP:

    Request URL: https://idp.calpoly.edu/idp/profile/SAML2/POST/SSO
    Request Method: POST

Should we expect to see a second request here as the client-storage-read view is rendered?

2. Logs - Is there anywhere in the logs that would indicate the client-storage-read view was rendered?

3. Local Storage - Even though we are using server side session storage, will enabling local storage cause the IDP to store anything client side?

Thanks for any ideas.
Dan

-- 
Dan Malone
Lead Identity Management Architect
Information Technology Services
California Polytechnic State University
San Luis Obispo, California

Direct 805-756-6326
dmalone at calpoly.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200227/9ca4d3e4/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4207 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://shibboleth.net/pipermail/users/attachments/20200227/9ca4d3e4/attachment.p7s>

More information about the users mailing list