search cancel

Linked to Case 32268970

book

Article ID: 203303

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

 

We're planning to install a Web Agent 12.52SP1CR10 and we'd like to
know if the SameSite cookie enhancement is included ?

 

Resolution

 

At first glance, no, it's not included. You still have to apply a
patch for the version which aren't running on Windows. The version
12.52SP1CR10A has the patch included, but it is limited to Windows Web
Agent.

In order to get a version with Samesite Enhancement included, please
install the Web Agent 12.52SP1CR11, which has been released recently :

  SSO WEBAGENT R12.52 SP01 CR11 [#2820]

    ca-wa-12.52-sp01-cr11-aix-64.zip
    ca-wa-12.52-sp01-cr11-aix.zip
    ca-wa-12.52-sp01-cr11-hpux-itan-64.zip
    ca-wa-12.52-sp01-cr11-hpux-itan.zip
    ca-wa-12.52-sp01-cr11-linux-x86-64.zip
    ca-wa-12.52-sp01-cr11-linux.zip
    ca-wa-12.52-sp01-cr11-sol-64.zip
    ca-wa-12.52-sp01-cr11-sol-x86-64.zip
    ca-wa-12.52-sp01-cr11-sol-x86.zip
    ca-wa-12.52-sp01-cr11-sol.zip
    ca-wa-12.52-sp01-cr11-win32.zip
    ca-wa-12.52-sp01-cr11-win64-64.zip
    ca-wa-12.52-sp01-cr11-zLinux-64.zip

  https://support.broadcom.com/download-center/solution-detail.html?aparNo=SS15420&os=ANY
  

Remember that you'd need to be logged in to be able to download them.

From the release notes :

  Support for IIS 10, InstallAnywhere 2020 SP1, New SameSite ACO Parameter

    The SameSite solution that was previously delivered as a patch is
    now available as an in-built feature in SiteMinder. For any release
    that is prior to 12.52 SP1 CR10a, the solution is available as a
    patch and it must be manually deployed.

    To support the SameSite cookie attribute of Google Chrome 80,
    SiteMinder now provides two new Agent Configuration Object
    parameters, SameSite and getcpcookie (for cookie provider Agents) in
    releases upto 12.52 SP1 CR10. From 12.52 SP1 CR10a, another ACO
    parameter samesiteincompatibleuseragents, is also provided. The ACO
    parameters let you control the default behavior of applications for
    SameSite cookie attribute.

    For detailed information, see How SiteMinder Avoids Impact of the
    Default Behavior of Google Chrome 80 for SameSite Cookie Attribute.

  https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-52-01/release-notes/new-features/web-agent-new-features.html