This is an old revision of the document!
Chrome SameSite Cookie Changes
On July 14th 2020, Chrome rolled out a new behavior for all cookies: https://www.chromestatus.com/feature/5088147346030592 This new mechanism has an effect on all web applications that use an SSO mechanism.
Stages impact
Regarding Stages the change has an impact on the SAML login:
If Stages is used with an SAML IDP and the user session was timed out, a browser refresh will lead into a redirect loop between the IDP and Stages.
As a result the connection to the SAML IDP has to be secure (SSL) otherwise a login of the user is not possible. In any way this is the recommended configuration to connect with the IDP.
Summary
It is obligatory to use a secure connection via HTTPS to the IDP when using SAML.
Fixed in Versions
Newer than:
- 7.4.6.1
- 7.5.3.0
- future releases