...

None per se, but it will become more important than ever to get people to stop misusing overrides for the many use cases that are already addressed, such as overriding an SP’s entityID based on content. That case will be handled, but differently, by allowing hubs to compute the setting dynamically in Java/JavaScript, much as the IdP supports. This will also allow plugging a hostname into an entityID pattern, much as now. Bottom line: use cases that don’t require an override now will become even more awkward to address with overrides, so it will be important to transition off of overrides for those cases.

SameSite Fallback for Broken Clients

The current SP includes a lot of code designed to support “fallback” such that if SameSite is applied to cookies, it creates specially named fallback cookies for broken clients that interpret SameSite incorrectly. These clients are all out of date, out of support, and long since superseded by newer versions, and most truly old clients properly ignored the setting anyway. We cannot justify keeping dozens of lines of convoluted code to keep supporting these clients.

Workaround

Update outdated clients.
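Before relying on this workaround, an operator can check whether any affected clients still show up in access logs. The sketch below is an added example, not Shibboleth code: the client families it flags (Chrome 51-66, iOS 12, Safari on macOS 10.14) are an assumption taken from Chromium's published guidance on SameSite=None-incompatible clients rather than from this page, and the User-Agent strings are constructed samples.

```python
import re
from collections import Counter

# Client families assumed from Chromium's public incompatible-clients guidance.
# User-Agent parsing is heuristic; treat the counts as an estimate.
_IOS = re.compile(r"\(iP(?:hone|ad|od)[^)]*? OS (\d+)_")
_MACOS = re.compile(r"\(Macintosh;[^)]*Mac OS X (\d+)_(\d+)")
_CHROME = re.compile(r"(?:Chrome|Chromium)/(\d+)\.")
_SAFARI = re.compile(r"Version/[\d.]+ Safari/")


def samesite_none_broken(user_agent):
    """Return why a client mishandles SameSite=None, or None if it does not."""
    m = _IOS.search(user_agent)
    if m and int(m.group(1)) == 12:  # every browser on iOS 12 shares the bug
        return "iOS 12: treats SameSite=None as Strict"
    chrome = _CHROME.search(user_agent)
    if chrome:
        if 51 <= int(chrome.group(1)) <= 66:
            return "Chrome 51-66: rejects SameSite=None cookies"
        return None  # newer Chrome, including Chrome on macOS 10.14
    m = _MACOS.search(user_agent)
    if m and (m.group(1), m.group(2)) == ("10", "14") and _SAFARI.search(user_agent):
        return "Safari on macOS 10.14: treats SameSite=None as Strict"
    return None


def summarize(user_agents):
    """Count affected requests per reason across User-Agent strings."""
    return Counter(r for r in map(samesite_none_broken, user_agents) if r)


_WK = "AppleWebKit/537.36 (KHTML, like Gecko)"
_AWK = "AppleWebKit/605.1.15 (KHTML, like Gecko)"
# Constructed sample User-Agent values (not taken from real logs).
SAMPLE_UAS = [
    f"Mozilla/5.0 (Windows NT 10.0; Win64; x64) {_WK} Chrome/60.0.3112.113 Safari/537.36",
    f"Mozilla/5.0 (Windows NT 10.0; Win64; x64) {_WK} Chrome/120.0.0.0 Safari/537.36",
    f"Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) {_AWK} Version/12.1.2 Mobile/15E148 Safari/604.1",
    f"Mozilla/5.0 (iPhone; CPU iPhone OS 17_2 like Mac OS X) {_AWK} Version/17.2 Mobile/15E148 Safari/604.1",
    f"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) {_AWK} Version/12.1.2 Safari/605.1.15",
    f"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) {_WK} Chrome/80.0.3987.132 Safari/537.36",
    f"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) {_AWK} Version/17.1 Safari/605.1.15",
]

if __name__ == "__main__":
    for reason, count in summarize(SAMPLE_UAS).items():
        print(f"{count:3d}  {reason}")
```

An empty result over a representative log window suggests the fallback cookies are no longer serving any client.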