OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] SameSite cookie support and HTTP-POST binding

On 7/19/19, 9:43 AM, "Peter Major" <peter.major@forgerock.com> wrote:

> Chrome is kind of forcing everyone to consider this use-case now:
> Either implementations will need to explicitly opt out of SameSite (by 
> setting it to None), or these SAML features will actually need to work 
> with Lax mode OOTB "somehow".

I don't think it's physically possible for those features to work in Lax mode if they also involve the use of cookies. The bindings do not rely on cookies, so they have nothing at all to say about them. It's the higher order behavior of the software that relies on cookies, and there's really not anything that can be done except don't use them or set SameSite appropriately.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]