Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In conclusion, the IdP should continue to function in all circumstances when function when its cookies are being defaulted to SameSite=Lax by browsers (currently tested on Chrome 78-81 and Firefox 72 with the same-site default flags set). Typically, we have only seen the IdP itself break when the JSESSIONID is set to SameSite 'Strict', which should not happen apart from with a bug in older versions of Safari on MacOS 10.15 and all WebKit browsers on iOS 12 and lower (https://bugs.webkit.org/show_bug.cgi?id=198181). However with regards to achieving single-sign-on you may see degraded operation, and the following possibilities occur:

...