CA Access Gateway SameSite cookie parameter stripped
Article ID: 112050
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
Backend is returning a cookie like so:
Set-Cookie: mycookie=<cookiedata>; path=/; secure; HttpOnly; SameSite=Strict
After going through CA Access Gateway (SPS), it becames
set-cookie: mycookie=<cookiedata>;Path=/;Secure;HttpOnly
Set-Cookie: mycookie=<cookiedata>; path=/; secure; HttpOnly; SameSite=Strict
After going through CA Access Gateway (SPS), it becames
set-cookie: mycookie=<cookiedata>;Path=/;Secure;HttpOnly
Environment
Release:
Component: SMSPS
Component: SMSPS
Resolution
Add the following to httpd.conf on the Access Gateway:
Header edit Set-Cookie ^(.*)$ "$1; SameSite=Strict"
This will add SameSite=Strict to all Set-Cookie headers. If you only need to add SameSite=Strict to certain cookies you need to modify the regex and/or use multiple Header statements.
Header edit Set-Cookie ^(.*)$ "$1; SameSite=Strict"
This will add SameSite=Strict to all Set-Cookie headers. If you only need to add SameSite=Strict to certain cookies you need to modify the regex and/or use multiple Header statements.
Feedback
Yes
No
Powered by
