CA Access Gateway SameSite cookie parameter stripped

Article ID: 112050

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On

Issue/Introduction

The backend returns a cookie like this:

Set-Cookie: mycookie=<cookiedata>; path=/; secure; HttpOnly; SameSite=Strict 

After passing through CA Access Gateway (SPS), it becomes:

set-cookie: mycookie=<cookiedata>;Path=/;Secure;HttpOnly

Environment

Release:
Component: SMSPS

Resolution

Add the following to httpd.conf on the Access Gateway:

Header edit Set-Cookie ^(.*)$ "$1; SameSite=Strict"

This appends SameSite=Strict to every Set-Cookie header. If only certain cookies need SameSite=Strict, modify the regex and/or use multiple Header statements.
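
A per-cookie variant of the directive above, as an added example that is not part of the original article. It assumes mod_headers is loaded; "mycookie" is the cookie shown in this article, and "othercookie" is a hypothetical name used only for illustration.

```apache
# Added example (not the vendor's configuration). Requires mod_headers.

# Catch-all form from the article, kept for comparison. It matches every
# Set-Cookie header, so it also rewrites cookies that must be sent on
# cross-site requests, and it appends a second SameSite attribute to any
# header that already carries one.
#Header edit Set-Cookie ^(.*)$ "$1; SameSite=Strict"

# Targeted form: only the cookie named mycookie is rewritten.
# The negative lookahead (?!.*; *(?i:SameSite)=) skips headers that already
# contain a SameSite attribute (in any letter case), so the attribute is
# never duplicated if it starts arriving intact from the backend.
Header edit Set-Cookie "^(mycookie=(?!.*; *(?i:SameSite)=).*)$" "$1; SameSite=Strict"

# Multiple Header statements: a second cookie (hypothetical name) that has to
# accompany top-level cross-site navigation gets Lax instead of Strict.
Header edit Set-Cookie "^(othercookie=(?!.*; *(?i:SameSite)=).*)$" "$1; SameSite=Lax"

# Cookies that match neither pattern pass through unchanged.
```

After restarting the Access Gateway, request a page that sets each cookie through the gateway and confirm that every Set-Cookie header carries exactly one SameSite attribute.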