[DOCU-2184] Document SSO infinite loop with sameSiteCookies="strict" Created: 20/May/21 Updated: 04/Jun/21 Resolved: 21/May/21 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Neutral |
| Reporter: | Mikaël Geljić | Assignee: | Martin Drápela |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Documentation page URL: | https://docs.magnolia-cms.com/product-docs/Modules/List-of-modules/SSO-module.html | ||||||||
| Description |
|
Strict is currently the default as of 6.2.8. Browsing the HELPDESK-1541 ticket now, however, I realize that this was observed with the old SSO connector from services, not the productized one that we document here. Maybe it is also affected or deserves an update of pac4j. |
| Comments |
| Comment by Maxime Michel [ 20/May/21 ] |
|
The pac4j-based module doesn't run into an infinite loop but can't wrap the login flow successfully either.
|
| Comment by Mikaël Geljić [ 20/May/21 ] |
|
Thanks! Jan actually suggested documenting this at the Tomcat level instead (and maybe in Troubleshooting), less so about SSO itself. There it would apply more broadly. Whether we change the default value or not, the note could go like:
|