Older versionVersion 2.8PatchesSameSite cookie patch

SameSite cookie patch

Recent browser changes breaks SAML SSO scenario due to lack of or incorrect value in the PhxAuthN cookie.

This patch adds "SameSite=None" value to the cookie. Note that in order for this to work properly communications must be done using a TLS protected channel between client browser and server.

Download the zip and follow the instructions in the readme included in the zip

File name SHA 256 checksum
202002140.zip
ef39cc1f9a5d002798d095fbde338fa0f50487e674791053a0c050fb3b516540

How to verify applied patch

Browse to a page on your SAML IDP.

Open your browser Developer Tools.

Find the cookies section for your IDP hostname.

Verify that the cookie for PhxAuthN has parameter SameSite=None and Secure=true