NTLM - Catalog needs login after upgrade Chrome blocks cross-domain cookies

book

Article ID: 211344

calendar_today

Updated On:

Products

CA Service Management - Service Desk Manager

Issue/Introduction

After upgrading from 17.3.0 to 17.3.04 Service point no longer contacts to catalog via NTLM.

After switching to Service Point requestor opens which requests a login to Catalog.

Catalog-NTLM login itself works correctly

Allow the cross-domain cookies to be sent along with HTTP

Cause

Chrome v84 has introduced a new restriction on cookies, where it blocks cross-domain cookies. So if Catalog and SP are installed on different machines, all the Catalog requests originating from Service point don't send the cookie information.

Resolution

In order to fix this issue, we should enable SSL across the solution so cookies can be transferred across HTTPS (as they are secure) and set the same site flag to none.
 
If it is not something accepted by the customer.
 
The other workaround available is to disable the following chrome flags:
 
chrome://flags/#network-service
 
1) SameSite by default cookies
 
2) Cookies without the same site must be secure
 
This will allow the cross-domain cookies to be sent along with HTTP.