Older versionVersion 2.8PatchesSameSite cookie patch

SameSite cookie patch

Recent browser changes breaks SAML SSO scenario due to lack of or incorrect value in the PhxAuthN cookie.

This patch adds "SameSite=None" value to the cookie. Note that in order for this to work properly communications must be done using a TLS protected channel between client browser and server.

Download the zip and follow the instructions in the readme included in the zip

File name SHA 256 checksum

How to verify applied patch

Browse to a page on your SAML IDP.

Open your browser Developer Tools.

Find the cookies section for your IDP hostname.

Verify that the cookie for PhxAuthN has parameter SameSite=None and Secure=true