institutions using Shibboleth to authenticate Peoplesoft
Cantor, Scott
cantor.2 at osu.edu
Tue Jul 28 18:33:43 UTC 2020
> Specifically, we're trying to debug a SameSite issue with Chrome 80+ when using Peoplesoft Direct connect feature to
> connect to vendors for ordering. (The vendor in question is Jaegger
/ Sciquest). We're hoping some of the other Shib /
> PS institutions might have experience with this?
We have a similar issue with an ordering system on campus, not SciQuest, but I can tell you that they are of course lying. A SameSite issue with an app has nothing to do with the SAML (or OIDC or....) IdP at all and can't possibly be fixed by it. The issue is with the app(s). They have to adjust their cookies (or people just can't use Chrome).
This ordering use case is a prime example of the SameSite problem. You're mid-session so the 2 minute rule Chrome implemented doesn't help and suddenly the change that "didn't break anything" is now fatal.
With Chrome's change finally rolling out, I would imagine the screaming is imminent.
I am not aware of any other browsers starting to implement this idiotic change, though the assumption is they will.
-- Scott
More information about the users
mailing list