...

In conclusion, the IdP should continue to function when browsers default its cookies to SameSite=Lax (currently tested on Chrome 78-81 and Firefox 72 with the same-site default flags set). Typically, we have only seen the IdP itself break when the JSESSIONID is set to SameSite 'Strict', which should not happen apart from a bug when explicitly trying to set SameSite=None with older versions of Safari on macOS <=10.14 and all WebKit browsers on iOS <=12 (https://bugs.webkit.org/show_bug.cgi?id=198181). However, with regard to achieving single sign-on, you may see degraded operation, and the following possibilities occur:

...
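For the WebKit bug noted in the conclusion above (an explicit SameSite=None ending up as 'Strict'), the following added example, which is not part of the original page or of the IdP's own code, decides per request whether to emit the attribute. The User-Agent patterns, the function names and the choice to omit the attribute for affected clients are assumptions made for illustration.

```python
import re

# Assumption: conventional Apple User-Agent layouts, e.g.
# "(iPhone; CPU iPhone OS 12_4 like Mac OS X)" and
# "(Macintosh; Intel Mac OS X 10_14_6)".
_IOS = re.compile(r"\(iP(?:hone|ad|od)[^)]*OS (\d+)_")
_MAC = re.compile(r"Macintosh; Intel Mac OS X (\d+)[_.](\d+)")


def treats_none_as_strict(user_agent: str) -> bool:
    """True for the clients the page lists: all WebKit browsers on
    iOS <=12 and Safari on macOS <=10.14."""
    ios = _IOS.search(user_agent)
    if ios:
        # Every browser on iOS uses WebKit, so only the OS version matters.
        return int(ios.group(1)) <= 12
    mac = _MAC.search(user_agent)
    if mac:
        version = (int(mac.group(1)), int(mac.group(2)))
        is_safari = ("Safari/" in user_agent and "Version/" in user_agent
                     and not re.search(r"Chrome|Chromium", user_agent))
        return is_safari and version <= (10, 14)
    return False


def session_cookie(name: str, value: str, user_agent: str) -> str:
    """Build a Set-Cookie value, leaving SameSite off for affected clients
    (hypothetical mitigation: they then apply their own pre-SameSite default)."""
    attrs = [f"{name}={value}", "Path=/", "Secure", "HttpOnly"]
    if not treats_none_as_strict(user_agent):
        attrs.append("SameSite=None")
    return "; ".join(attrs)


# Constructed sample User-Agent strings, not captured traffic.
SAFARI_MAC_10_14 = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) "
                    "AppleWebKit/605.1.15 (KHTML, like Gecko) "
                    "Version/12.1.2 Safari/605.1.15")
CHROME_IOS_12 = ("Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) "
                 "AppleWebKit/605.1.15 (KHTML, like Gecko) "
                 "CriOS/78.0.3904.84 Mobile/15E148 Safari/604.1")
CHROME_MAC_10_14 = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) "
                    "AppleWebKit/537.36 (KHTML, like Gecko) "
                    "Chrome/80.0.3987.132 Safari/537.36")

if __name__ == "__main__":
    for ua in (SAFARI_MAC_10_14, CHROME_IOS_12, CHROME_MAC_10_14):
        print(session_cookie("JSESSIONID", "abc", ua))
```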