How do I disable the SameSite feature in the Chrome Browser
Article ID: 145668
Products
CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On Agents (SiteMinder), CA Single Sign On Federation (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), SITEMINDER
Issue/Introduction
I am unable to apply the SiteMinder tactical enhancement 'SameSite' patches throughout my environment, and I have users that must gain access to my environment, which includes Cross-Domain POST requests, and they are being prevented access or being re-prompted since they have one of the browsers where Google has enabled the new 'SameSite' behavior.
Environment
Release : R12.52 SP1 CR-x, 12.6x, 12.7x, and 12.8x
With the release of the Chrome 80 browser, Google enabled the new Chrome 'SameSite' behavior by default in a small percentage of the released browsers. This changes how the browser treats cookies that do not include a 'SameSite' flag: if a cookie does not contain the 'SameSite' flag, a Chrome browser with the 'SameSite' feature enabled treats that cookie as if its setting were "Lax".
Chrome browsers with the 'SameSite' feature enabled will not present a cookie on a Cross-Domain POST request unless the cookie has its 'SameSite' flag set to "None" and the Secure flag is also set on the cookie, which requires the Cross-Domain POST to be made over HTTPS.
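
To find which cookies in an environment are affected, the rule above can be applied to the Set-Cookie headers a site returns. The following is an added example, not Broadcom or Chrome code; the function names, the SMSESSION cookie name used in the samples, and the header values are assumptions constructed for illustration.

```javascript
// Added example: models the SameSite rule described above; not browser or SiteMinder code.
function parseSetCookie(header) {
  const [nameValue, ...attrs] = header.split(";").map((p) => p.trim());
  const eq = nameValue.indexOf("=");
  const cookie = {
    name: eq === -1 ? nameValue : nameValue.slice(0, eq),
    sameSite: null, // null = attribute absent
    secure: false,
  };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=").map((s) => s.trim());
    if (key.toLowerCase() === "secure") cookie.secure = true;
    if (key.toLowerCase() === "samesite") cookie.sameSite = value.toLowerCase();
  }
  return cookie;
}

// Decide whether the cookie accompanies a cross-domain POST sent over `scheme`.
function crossSitePostVerdict(header, scheme) {
  const c = parseSetCookie(header);
  // Absent attribute is treated as Lax; unrecognised values are handled the same way here (assumption).
  const effective = ["strict", "lax", "none"].includes(c.sameSite) ? c.sameSite : "lax";
  let sent = false;
  let reason;
  if (effective !== "none") reason = `effective SameSite=${effective}`;
  else if (!c.secure) reason = "SameSite=None without Secure";
  else if (scheme !== "https") reason = "Secure cookie, request not HTTPS";
  else { sent = true; reason = "SameSite=None; Secure over HTTPS"; }
  return { name: c.name, effective, sent, reason };
}

// Constructed sample headers (values are placeholders, not captured traffic).
const SAMPLE_HEADERS = [
  "SMSESSION=placeholder; Path=/; Domain=.example.com; HttpOnly",
  "SMSESSION=placeholder; Path=/; SameSite=None",
  "SMSESSION=placeholder; Path=/; Secure; SameSite=None",
  "pref=1; Secure; SameSite=Strict",
];

function auditCookies(headers, scheme = "https") {
  return headers.map((h) => crossSitePostVerdict(h, scheme));
}

for (const v of auditCookies(SAMPLE_HEADERS)) {
  console.log(`${v.name}: ${v.sent ? "sent" : "withheld"} (${v.reason})`);
}
```

Only the third sample header is presented on a Cross-Domain POST, and only when that POST is made over HTTPS.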