CA Access Gateway SameSite cookie parameter stripped
Article ID: 112050
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
The backend returns a cookie like this:

    Set-Cookie: mycookie=<cookiedata>; path=/; secure; HttpOnly; SameSite=Strict

After going through CA Access Gateway (SPS), it becomes:

    set-cookie: mycookie=<cookiedata>;Path=/;Secure;HttpOnly
Environment
Release: Component: SMSPS
Resolution
Add the following to httpd.conf on the Access Gateway:

    Header edit Set-Cookie ^(.*)$ "$1; SameSite=Strict"

This will add SameSite=Strict to all Set-Cookie headers. If you only need to add SameSite=Strict to certain cookies, you need to modify the regex and/or use multiple Header statements.
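The per-cookie variants mentioned above could look like the following. This is an added example, not configuration from the original article; it assumes mod_headers is loaded, and the cookie name "othercookie" and its SameSite=Lax policy are hypothetical (only "mycookie" appears in the article).

```apache
# Added example. Use the variant that fits; the cookie name
# "othercookie" and its Lax policy are hypothetical.

# Variant 1: restore the attribute only on the cookie named "mycookie".
# Anchoring the pattern on "mycookie=" leaves every other Set-Cookie
# header untouched.
Header edit Set-Cookie "^(mycookie=.*)$" "$1; SameSite=Strict"

# Variant 2: multiple Header statements, one per cookie, so each cookie
# can carry its own SameSite value.
Header edit Set-Cookie "^(mycookie=.*)$" "$1; SameSite=Strict"
Header edit Set-Cookie "^(othercookie=.*)$" "$1; SameSite=Lax"

# Variant 3: all cookies, but skip any Set-Cookie header that already
# contains a SameSite attribute. The negative lookahead prevents a
# second, conflicting SameSite from being appended if a header reaches
# this directive with the attribute intact. (?i) makes the match
# case-insensitive, since cookie attribute names are not case-sensitive.
Header edit Set-Cookie "(?i)^(?!.*SameSite=)(.*)$" "$1; SameSite=Strict"
```

After restarting the gateway's web server, confirm the result by inspecting the Set-Cookie headers the client actually receives, for example in the browser's developer tools.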