Chrome SameSite Cookie Changes

On July 14th 2020, Chrome rolled out a new behavior for all cookies (https://www.chromestatus.com/feature/5088147346030592). This new mechanism affects all web applications that use an SSO mechanism.

Stages impact

For Stages, the change affects the SAML login:

If Stages is used with a SAML IDP and the user session has timed out, a browser refresh leads to a redirect loop between the IDP and Stages.

As a result, the connection to the SAML IDP has to be secure (SSL); otherwise the user cannot log in. In any case, this is the recommended configuration for connecting to the IDP.
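
Added example, not part of the original article or of Stages: a Python sketch of the cookie rules Chrome enforces with this change, showing which Set-Cookie values still accompany a cross-site POST and why that requires HTTPS. It assumes the IDP returns the SAML response with the HTTP-POST binding; the function names, cookie names and values are constructed, and Chrome's short grace period for freshly set cookies is ignored.

```python
# Constructed sample Set-Cookie values (names and values are made up).
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/; HttpOnly",
    "JSESSIONID=abc123; Path=/; HttpOnly; SameSite=None",
    "JSESSIONID=abc123; Path=/; HttpOnly; Secure; SameSite=None",
    "prefs=dark; Path=/; SameSite=Strict",
]


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, attrs); attribute keys are lower-cased."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def sent_on_cross_site_post(header):
    """Return (name, sent, reason) for a cross-site POST such as a SAML response."""
    name, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite", "").lower()
    if samesite == "none":
        if "secure" in attrs:
            return name, True, "SameSite=None; Secure: sent cross-site, HTTPS only"
        return name, False, "SameSite=None without Secure: rejected by Chrome"
    if samesite == "strict":
        return name, False, "SameSite=Strict: never sent cross-site"
    if samesite == "lax":
        return name, False, "SameSite=Lax: not sent on cross-site POST"
    # Missing or unrecognised SameSite value: Chrome now treats it as Lax.
    return name, False, "no SameSite attribute: treated as Lax, not sent on POST"


def audit(headers):
    """Classify every header in the list."""
    return [sent_on_cross_site_post(h) for h in headers]


if __name__ == "__main__":
    for name, sent, reason in audit(SAMPLE_HEADERS):
        print(f"{name:12} {'sent' if sent else 'DROPPED':8} {reason}")
```

Only the third sample header survives the cross-site POST, and a Secure cookie is only ever transmitted over HTTPS.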

Configuration

In addition to configuring SAML authentication in the authentication section of config.xml, ensure that saml.enabled = true is set in the config.properties file. If it was not set, set it and then execute update.bat / update.sh.

Summary

It is obligatory to use a secure connection via HTTPS to the IDP when using SAML.

Fixed in Versions

Newer than:

  • 7.4.6.1
  • 7.5.3.0
  • future releases