[MGNLSSO-286] Endless loop while using FF Created: 15/May/23 Updated: 31/May/23 Resolved: 31/May/23 |
|
| Status: | Closed |
| Project: | Single Sign On |
| Component/s: | None |
| Affects Version/s: | 3.1.3 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Neutral |
| Reporter: | Evzen Fochr | Assignee: | Evzen Fochr |
| Resolution: | Not an issue | Votes: | 0 |
| Labels: | waitingForResponse | ||
| Environment: |
PAAS - Magnolia 6.2.29? with sso |
||
| Documentation update required: |
Yes
|
| Epic Link: | SSO maintenance | ||||||||||
| Description |
|
SSO is working, but when deployed to PaaS, Firefox login ends up in a timeout/loop on "/.auth=state=" with a 302, complaining that the "Login expired". Other browsers (e.g. Chrome) are working. This problem does not occur on local builds. Magnolia SSO Module 3.1.2 was tested so far. A timeout shouldn't be an issue on the Keycloak side; the response is quite fast, with less than 200ms in most tested cases.
Cookie “JSESSIONID” with the “SameSite” attribute value “Lax” or “Strict” was omitted because of a cross-site redirect.
https://stackoverflow.com/questions/75553931/samesite-lax-on-jsessionid-not-working-with-firefox-after-redirect
LAX - Means that the cookie is not sent on cross-site requests, such as on requests to load images or...
Chrome:
Mozilla:
|
| Comments |
| Comment by Evzen Fochr [ 26/May/23 ] |
|
acordero all customers on PaaS that are using SSO/OpenID need to set <CookieProcessor sameSiteCookies="Lax" />. The default PaaS environment value is strict. |
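A check for the setting named in the comment above, as an added example that is not part of the ticket or of Magnolia's code: it reads a Tomcat context.xml and a captured Set-Cookie header and reports when JSESSIONID is not served as SameSite=Lax. The sample XML, the header values and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from the ticket's environment).
CONTEXT_STRICT = '<Context><CookieProcessor sameSiteCookies="strict" /></Context>'
CONTEXT_LAX = '<Context><CookieProcessor sameSiteCookies="Lax" /></Context>'
HEADERS_STRICT = ["JSESSIONID=0A1B2C; Path=/; Secure; HttpOnly; SameSite=Strict"]
HEADERS_LAX = ["JSESSIONID=0A1B2C; Path=/; Secure; HttpOnly; SameSite=Lax"]


def configured_same_site(context_xml):
    """Return the sameSiteCookies value from a Tomcat context.xml, lowercased."""
    root = ET.fromstring(context_xml)
    for elem in root.iter("CookieProcessor"):
        return elem.get("sameSiteCookies", "unset").lower()
    return "unset"  # no CookieProcessor element: Tomcat adds no SameSite attribute


def served_same_site(set_cookie_headers, name="JSESSIONID"):
    """Return the SameSite value actually sent for `name`, or None if the cookie is absent."""
    for header in set_cookie_headers:
        first, *attrs = [part.strip() for part in header.split(";")]
        if first.partition("=")[0] != name:
            continue
        for attr in attrs:
            key, _, value = attr.partition("=")
            if key.lower() == "samesite":
                return value.lower()
        return "unset"
    return None


def sso_findings(context_xml, set_cookie_headers):
    """List deviations from the SameSite=Lax requirement stated in the ticket."""
    findings = []
    configured = configured_same_site(context_xml)
    served = served_same_site(set_cookie_headers)
    if configured != "lax":
        findings.append(f"context.xml: sameSiteCookies is {configured!r}, ticket requires 'Lax'")
    if served == "strict":
        findings.append("response: JSESSIONID is SameSite=Strict, omitted on the cross-site redirect back")
    if served is not None and served != configured:
        findings.append(f"response: served {served!r} differs from configured {configured!r}")
    return findings
```

Comparing the served header with the configured value also catches a context.xml change that has not yet reached the running instance.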
| Comment by Evzen Fochr [ 31/May/23 ] |
|
jlegendre can you please put this link to SSO docu too so users can see this requirement? |