Chrome SameSite Cookie Changes
On July 14th, 2020, Chrome rolled out a new behavior for all cookies (https://www.chromestatus.com/feature/5088147346030592). This new mechanism affects all web applications that use an SSO mechanism.
Stages impact
For Stages, the change affects the SAML login:
If Stages is used with a SAML IDP and the user session has timed out, a browser refresh will lead to a redirect loop between the IDP and Stages.
As a result, the connection to the SAML IDP has to be secure (SSL); otherwise the user cannot log in. In any case, this is the recommended configuration for connecting to the IDP.
Configuration
In addition to configuring SAML authentication in the authentication section of config.xml, ensure that the following property is set in the config.properties file:
saml.enabled = true
If it was not already set, execute update.bat / update.sh after setting it.
Summary
It is obligatory to use a secure connection via HTTPS to the IDP when using SAML.
Fixed in Versions
Newer than:
- 7.4.6.1
- 7.5.3.0
- future releases