Univention Bugzilla – Bug 54483
simplesamlphp: make "Secure" and "SameSite" cookie attribute configurable
Last modified: 2022-06-08 20:17:35 CEST
Cookies in simplesamlphp currently don't set flags and we cannot configure any. We should make the "SameSite" and "Secure" configurable via UCR. I think we cannot set "SameSite=Strict" as the UMC login dialog won't work then anymore. This has to be tested.
The cookie attributes "Secure" and "SameSite" can now be set for the language and session cookies of the SAML IDP via UCR variables saml/idp/{session,language}-cookie/{secure,samesite}.

Successful build
Package: simplesamlphp
Version: 1.16.3-1+deb10u2A~5.0.0.202205101009
Branch: ucs_5.0-0
Scope: errata5.0-1

Successful build
Package: univention-saml
Version: 7.0.4-21A~5.0.0.202205101228
Branch: ucs_5.0-0
Scope: errata5.0-1

commit: 2c5d4852bf5a8af26d2bc40ee430bbec1bad67b2
OK: Secure=true
OK: SameSite=Lax|Strict are working
~ SameSite=None doesn't work for me. simplesamlphp complains about:
    Missing cookie
    You appear to have disabled cookies in your browser. Please check the settings in your browser, and try again.
    https://ucs-sso.$domainname/simplesamlphp/module.php/core/no_cookie.php
→ I see no problems with using "Strict" even on HTTP. Maybe it's just ok - I don't think we need "None".
OK: YAML
<https://errata.software-univention.de/#/?erratum=5.0x314>
<https://errata.software-univention.de/#/?erratum=5.0x316>
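
An added example, not taken from the bug report or from the Univention packages: a check a tester could run over the Set-Cookie headers the SAML IdP returns after changing the saml/idp/{session,language}-cookie/{secure,samesite} UCR variables. The cookie names and header values below are constructed samples, and `audit_cookie` is a hypothetical helper name.

```python
# Constructed sample Set-Cookie values; names and values are assumptions,
# not captured from a real UCS system.
SAMPLE_HEADERS = [
    "SimpleSAMLSessionID=0123abcd; path=/; secure; HttpOnly; SameSite=Lax",
    "language=de; path=/; SameSite=None",
    "SimpleSAMLAuthToken=_feedbeef; path=/; HttpOnly",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attrs); attribute names lower-cased."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        # Flag attributes (Secure, HttpOnly) carry no value; store True for them.
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), attrs


def audit_cookie(header, require_secure=True):
    """Report the Secure/SameSite state of one cookie and list what is off."""
    name, attrs = parse_set_cookie(header)
    secure = attrs.get("secure") is True
    raw = attrs.get("samesite")
    samesite = raw.capitalize() if isinstance(raw, str) else None
    findings = []
    if require_secure and not secure:
        findings.append("missing Secure")
    if samesite is None:
        findings.append("missing SameSite")
    elif samesite not in ("Strict", "Lax", "None"):
        findings.append("invalid SameSite")
    elif samesite == "None" and not secure:
        # Browsers enforcing the updated SameSite rules drop such a cookie.
        findings.append("SameSite=None without Secure")
    return {"name": name, "secure": secure, "samesite": samesite,
            "findings": findings}


if __name__ == "__main__":
    for line in SAMPLE_HEADERS:
        result = audit_cookie(line)
        print(result["name"], result["findings"] or "OK")
```

Pass `require_secure=False` when testing a deployment that is deliberately served over plain HTTP, so only the SameSite findings are reported.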