What are the Browser settings needed for SSO to work in Chrome?
Something has happened with the Chrome browsers for one of our clients. Their IT staff swears that they have changed anything in the managed settings but, clearly something is going on. I have been searching the web for info on how to implement SSO without luck. What guidance can you give on settings, other than not to Block third-party cookies? (That's the only setting I can set to replicate the issue but, it is not set on the client's browser.
Chrome recently has been changed and is now utilizing a new cookie policy that may be the cause of this behavior. If you need to use third-party cookies for your authentication, you will need to set your cookies to SameSite=None and is marked as Secure.
I'm pretty sure that this is the same problem that I reported to you last week on the private side.
Can you clarify this statement? you will need to set your cookies to SameSite=None and is marked as Secure.
Who is the you and where are they setting these cookies? An individual doing this in Chrome, a Buzz admin doing this in Buzz, or a SDS developer doing it in the SSI coding, or someone/somewhere else?
Comments (4)
Hello Michael!
Chrome recently has been changed and is now utilizing a new cookie policy that may be the cause of this behavior. If you need to use third-party cookies for your authentication, you will need to set your cookies to
SameSite=None
and is marked asSecure
.For more information please see the following two documents from the Chromium project and Chrome:
SameSite Updates
Reject insecure SameSite=None cookies
Hi Brian,
I'm pretty sure that this is the same problem that I reported to you last week on the private side.
Can you clarify this statement? you will need to set your cookies to
SameSite=None
and is marked asSecure
.Who is the you and where are they setting these cookies? An individual doing this in Chrome, a Buzz admin doing this in Buzz, or a SDS developer doing it in the SSI coding, or someone/somewhere else?
Thanks,
Jeremy
Jeremy,
Do you guys use Genius? I presume the "you" in Brian's statement is the SSO provider. I just sent an email to my contact at Genius.
To clarify my previous statement, this would be handled by the SSO provider to account for the changes made to Chrome.