JSESSIONID issues, Stale Session. (SameSite issue?)
cantor.2 at osu.edu
Thu Jan 20 16:49:35 UTC 2022
The SameSite page contains this text that needs to be more prominent:
"It is also likely that SAML proxying will be affected by this issue, because the POST back to the IdP from the proxied IdP will omit the necessary cookies to resume the flow, resulting in the "stale request" message."
It's not "likely", it's fact. The IdP will not function unless the original JSESSIONID is delivered back with the SAML POST intact.
More information about the users