cancel
Showing results for 
Search instead for 
Did you mean: 

Chrome Browser new default Referrer-Policy and SAML Problems

Peter_Baumann
Cirrostratus
Cirrostratus

Hi all,

The following is more a solution than a question I want to share with you.

 

We had a customer with a SAML-SP config on the F5 which is working properly.

Since some weeks more and more users are complaining that they cannot login to the application anymore.

 

After a longer troubleshooting session the reason for this was found in the Chrome Browser starting of version 85.x (August 2020 Stable Tree).

It is described here:

https://developers.google.com/web/updates/2020/07/referrer-policy-new-chrome-default

 

And can be tested here:

https://site-one-dot-referrer-demo-280711.ey.r.appspot.com/stuff/detail?tag=red&p=p2

 

Now the customer was using an irule which was doing SAML-SLO for some special applications, for this he was checking for the referer header sent from the browser.

The Chrome v85 was not sending the full path anymore in the referer header and the SAML-SSO and SAML-SLO was therefore not working properly because of the special irule used described above.

 

Just in case you have the same kind of problems you might check the new default Referrer-Policy of Chrome.

Maybe other browser vendors will follow soon with this, who knows.

 

I hope it helps someone to solve problems like "some users cannot login anymore to the app" etc...

 

Best regards,

Peter Baumann

1 REPLY 1

Peter_Baumann
Cirrostratus
Cirrostratus

Well "question" above is answered 😉