How do I disable the SameSite feature in the Chrome Browser
Article ID: 145668
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
SITEMINDER
Issue/Introduction
I am unable to apply the SiteMinder tactical enhancement 'SameSite' patches throughout my environment, and I have users that must gain access to my environment which includes Cross-Domain POST requests, and they are being prevented access or being re-prompted since they have on of the browsers where Google has enabled the new 'SameSite' behavior.
Environment
Release : R12.52 SP1 CR-x, 12.6x, 12.7x, and 12.8x
Component : SITEMINDER -Web Agent, WAOP, AccessGateway
Cause
With the release of the Chrome 80 Browser, Google has configured a small percentage of those released browser versions with the new Chrome 'SameSite' behavior enabled by default. This affects the way in which the Browser will treat cookies that do not include a 'SameSite' flag. If a cookie does not contain the 'SameSite' flag, the Chrome Browser with the 'SameSite' feature enabled will treat that cookie as if it's setting was "LAX".
The Chrome Browsers with the 'SameSite' feature enabled will not present a cookie for a Cross-Domain POST request, unless the cookie has a 'SameSite' flag set to "none" and the SECURE flag is also set on the cookie, thus requiring the Cross-Domain POST to be over HTTPS.
The Chrome Browsers with the 'SameSite' feature enabled will not present a cookie for a Cross-Domain POST request, unless the cookie has a 'SameSite' flag set to "none" and the SECURE flag is also set on the cookie, thus requiring the Cross-Domain POST to be over HTTPS.
Resolution
To disable the Chrome 'SameSite' feature;
Set both of these flags to "Disabled".
Restart the browser for the changes to take effect.
Chrome Browser Flags chrome://flags
Chrome has below two flags:
#cookies-without-same-site-must-be-secure
Set both of these flags to "Disabled".
Restart the browser for the changes to take effect.
Additional Information
Please refer to the following Chromium.org links for information on the ‘SameSite’ feature;
https://www.chromium.org/updates/same-site
https://www.chromium.org/administrators/policy-list-3/cookie-legacy-samesite-policies
Please refer to the following Communities Post which explains this Broadcom solution for the Google Chrome 80 'SameSite' behavior;
https://community.broadcom.com/enterprisesoftware/communities/community-home/digestviewer/viewthread?MessageKey=2b29c302-4e89-431b-aaf1-de90c616fca5&CommunityKey=f9d65308-ca9b-48b7-915c-7e9cb8fc3295&tab=digestviewer#bm2b29c302-4e89-431b-aaf1-de90c616fca5
https://www.chromium.org/updates/same-site
https://www.chromium.org/administrators/policy-list-3/cookie-legacy-samesite-policies
Please refer to the following Communities Post which explains this Broadcom solution for the Google Chrome 80 'SameSite' behavior;
https://community.broadcom.com/enterprisesoftware/communities/community-home/digestviewer/viewthread?MessageKey=2b29c302-4e89-431b-aaf1-de90c616fca5&CommunityKey=f9d65308-ca9b-48b7-915c-7e9cb8fc3295&tab=digestviewer#bm2b29c302-4e89-431b-aaf1-de90c616fca5
Feedback
Yes
No
Powered by
