samesite cookie for SAML authentication

AlexS_yb
Cirrocumulus

Hi

I'm using https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-access-policy-manager-per-request-policies/impleme... to set up and test

F5 SP

MS Azure IdP

and I am using F5 script for setting cookies (F5 APM / ASM) samesite attributes, basically https://community.f5.com/t5/technical-articles/irule-to-set-samesite-for-compatible-clients-and-remo...

My issue is that the return call from MS Azure is a 302 redirect back to the F5. The browser (Edge / Firefox) is not sending any of the F5 cookies.

I presume that because MRHSession is not being sent, a new session is being created, which breaks the SAML auth.

I have samesite for this and all F5 to secure / http only / samesite => lax

It looks like I need to set samesite to none for MRHSession.

Are others facing this problem? If so, how are you dealing with it? I am thinking of making this change just for my SP VS/domain.

Is there another solution?

1 REPLY

AlexS_yb
Cirrocumulus

Come back to add some info for this

MRHSession cookie needs to be set to samesite="none" for saml redirect to work - simple as that 😞

That's what I have done on my SP
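
The behaviour discussed in this thread, as an added example that is not part of the original posts and is not F5 or iRule code: a simplified model of the browser's SameSite decision, plus a Set-Cookie rewrite limited to one cookie name. It assumes the IdP returns the user to the SP with a cross-site POST (the SAML HTTP-POST binding), which the thread does not state; the function names and cookie values are constructed for illustration.

```javascript
// Added example: simplified model of the SameSite rules (RFC 6265bis draft).
// Not F5 or iRule code; cookie values below are constructed.

// Split a Set-Cookie value into its name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const attrs = {};
  for (const part of rest.filter(Boolean)) {
    const i = part.indexOf("=");
    attrs[(i < 0 ? part : part.slice(0, i)).toLowerCase()] =
      i < 0 ? true : part.slice(i + 1);
  }
  return { name: pair.slice(0, pair.indexOf("=")), attrs };
}

// Would a browser attach the cookie to this top-level navigation?
// Assumption: a missing SameSite attribute is treated as Lax.
function sentOnNavigation(header, { crossSite, method }) {
  const { attrs } = parseSetCookie(header);
  if (!crossSite) return true; // same-site requests always carry the cookie
  const raw = attrs.samesite === undefined ? "lax" : attrs.samesite;
  const mode = String(raw).toLowerCase();
  if (mode === "none") return attrs.secure === true; // None requires Secure
  if (mode === "lax") return method === "GET" || method === "HEAD";
  return false; // Strict (or unrecognised): never sent cross-site
}

// Rewrite SameSite to None (plus Secure) for the listed cookie names only.
function relaxSameSite(header, names) {
  if (!names.includes(parseSetCookie(header).name)) return header;
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const kept = rest.filter((p) => p && !/^(samesite|secure)(=|$)/i.test(p));
  return [pair, ...kept, "Secure", "SameSite=None"].join("; ");
}

// Constructed headers: the session cookie and an unrelated cookie, both Lax.
const session = "MRHSession=constructed0001; Path=/; Secure; HttpOnly; SameSite=Lax";
const other = "ExampleOther=1; Path=/; Secure; HttpOnly; SameSite=Lax";
// Assumed return leg: cross-site POST from the IdP to the SP.
const idpReturn = { crossSite: true, method: "POST" };

console.log(sentOnNavigation(session, idpReturn)); // Lax cookie on cross-site POST
console.log(sentOnNavigation(relaxSameSite(session, ["MRHSession"]), idpReturn));
console.log(relaxSameSite(other, ["MRHSession"]) === other); // other cookie untouched
```

Passing only `MRHSession` in the name list leaves every other cookie at Lax, which keeps the relaxed setting as narrow as possible.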