Looking for other third-party SPs that fail with stricter SameSite settings

Morgan, Andrew Jason morgan at oregonstate.edu
Thu Jan 30 13:15:33 EST 2020


You *can* test with Chrome if you start it with the argument "--enable-features=SameSiteDefaultChecksMethodRigorously". You should also open chrome://flags and explicitly enable #same-site-by-default-cookies and #cookies-without-same-site-must-be-secure (restart browser afterwards). This new SameSite behavior rolls out gradually over time after Chrome 80 is installed, so you can't even be sure you have it turned on unless you explicitly make these changes to settings.

The gory details are documented at:

  https://www.chromium.org/updates/same-site

Thanks,

Andy Morgan
Identity & Access Management
Oregon State University

________________________________
From: users <users-bounces at shibboleth.net> on behalf of Cantor, Scott <cantor.2 at osu.edu>
Sent: Thursday, January 30, 2020 10:10 AM
To: Shib Users <users at shibboleth.net>
Subject: RE: Looking for other third-party SPs that fail with stricter SameSite settings

> We were notified about Jagger (SciQuest) today.
> Just tried it and it looks like at least the SSO part is working, but will continue
> testing. They recommended checking with their test site and the SameSite
> settings enabled in Chrome 79.

If you want to know if it's broken, use Firefox. Testing with Chrome won't reveal anything inside of the two minute window.

-- Scott

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
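
Added example, not part of either message above and not Shibboleth or Chrome code: a small Python check that reads Set-Cookie header values captured from an SP and reports which cookies are affected by the two behaviors named in the thread (#same-site-by-default-cookies and #cookies-without-same-site-must-be-secure). The cookie names, verdict labels and sample headers are constructed for illustration.

```python
# Added example: flags cookies affected by the two Chrome rules named above.
# Verdict labels and sample headers are constructed for illustration.

def parse_set_cookie(header):
    """Split a Set-Cookie header value into (name, {lowercased attr: value})."""
    first, *rest = [p.strip() for p in header.split(";")]
    name = first.split("=", 1)[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs

def classify(header):
    """Return (cookie name, verdict) under SameSite-by-default rules."""
    name, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite", "").lower()
    if samesite == "none":
        # #cookies-without-same-site-must-be-secure: None requires Secure
        verdict = "cross-site-ok" if "secure" in attrs else "rejected"
    elif samesite in ("lax", "strict"):
        verdict = samesite
    else:
        # #same-site-by-default-cookies: a missing attribute is handled as Lax.
        # Assumption: an unrecognized value is handled the same way.
        verdict = "lax-by-default"
    return name, verdict

def at_risk(headers):
    """Cookies that will not accompany a cross-site POST back to the SP
    (ignoring the two minute window mentioned in the thread)."""
    results = [classify(h) for h in headers]
    return [(n, v) for n, v in results if v != "cross-site-ok"]

# Constructed sample: what a hypothetical SP might set before sending the user to the IdP.
SAMPLE = [
    "sp_session=abc123; Path=/; HttpOnly",
    "sp_relay=xyz; Path=/; Secure; HttpOnly; SameSite=None",
    "sp_pref=1; Path=/; SameSite=None",
    "sp_csrf=t0k; Path=/; Secure; SameSite=Strict",
]

if __name__ == "__main__":
    for name, verdict in at_risk(SAMPLE):
        print(f"{name}: {verdict}")
```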