Hi All, I am using SAML version 2.6.0.8 in my site and followed the below steps to make it compatible with the Chrome update, but when I check it in the browser, SameSite mode=None is not visible (screenshot attached).

What to do if using SAML library releases from v2.5.0 but earlier than v3.0.0

SAML library v2.5.0 introduced the SAML high-level API which uses a cookie to maintain SAML session state.
The ASP.NET session cookie, rather than a separate SAML session cookie, is used to maintain SAML session state.
The ASP.NET session cookie must include a SameSite value of None and should be marked as secure.
To achieve this:
1. Update the web server to the latest ASP.NET release (i.e. ASP.NET v4.8 or later) to pick up the runtime support for SameSite.
Note that the application may continue to target an earlier version of the .NET framework. For example, your application's project may continue to target .NET framework v4.0 but you need to update the web server to ASP.NET v4.8.
2. Update the application's web.config to specify the following.
    <sessionState cookieSameSite="None" />
    <httpCookies requireSSL="true"/>
3. Confirm that SameSite is working as described in the section below.
Without these changes, the SameSite parameter is missing or set to either Lax or Strict.
set-cookie: ASP.NET_SessionId=dwhtw4ajbxblp5pw5arwf0ww; path=/; HttpOnly
After these changes, the SameSite parameter is included.
set-cookie: ASP.NET_SessionId=2s2wesefh0cohv0ugctun4hl; path=/; secure;HttpOnly; SameSite=None
Note though that if the ASP.NET update hasn’t been installed on the web server, the unrecognized cookieSameSite attribute will result in an “Unrecognized attribute” configuration error at runtime.
These changes are not required if calling the SAML low-level API rather than the more commonly used SAML high-level API.
Please update if I am missing anything.
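One way to carry out step 3 on captured response headers, as an added example that is not part of the original post or of the SAML library: it parses a Set-Cookie header and reports what stops the ASP.NET session cookie from being sent cross-site. The function names are hypothetical, the first two headers are the ones quoted in the post, and the third is constructed.

```python
# Added example: audit a Set-Cookie header for the SameSite=None + Secure
# combination the post's steps are meant to produce.

SAMPLES = [
    # From the post: before the web.config change.
    "set-cookie: ASP.NET_SessionId=dwhtw4ajbxblp5pw5arwf0ww; path=/; HttpOnly",
    # From the post: after the web.config change.
    "set-cookie: ASP.NET_SessionId=2s2wesefh0cohv0ugctun4hl; path=/; secure;HttpOnly; SameSite=None",
    # Constructed: cookieSameSite="None" applied without requireSSL="true".
    "Set-Cookie: ASP.NET_SessionId=constructedvalue; path=/; HttpOnly; SameSite=None",
]


def parse_set_cookie(header):
    """Return (cookie name, attributes dict with lower-cased keys)."""
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1]
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_session_cookie(header, cookie_name="ASP.NET_SessionId"):
    """Return a list of findings; an empty list means the cookie passes."""
    name, attrs = parse_set_cookie(header)
    if name != cookie_name:
        return ["not the session cookie"]
    findings = []
    samesite = attrs.get("samesite")
    if samesite is None:
        # Chrome treats a cookie with no SameSite attribute as Lax.
        findings.append("SameSite missing")
    elif samesite.lower() != "none":
        findings.append("SameSite is " + samesite)
    if "secure" not in attrs:
        # Chrome rejects SameSite=None cookies that are not marked Secure.
        findings.append("Secure missing")
    return findings


if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_session_cookie(sample) or "OK", "<-", sample)
```

Paste the Set-Cookie line copied from the browser's network tab, or from the response headers of the login request, in place of the samples.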