samesite cookie for SAML authentication

Question

HiI'm using https://techdocs.f5.com/en-us/bigip-15-0-0/big-ip-access-policy-manager-per-request-policies/implementing-seamless-sso-azure-saml-mfa/azure-ad-creating-local-service-provider-main-authentication.html to setup and testF5 SPMS Azure iDPand I am using F5 script for setting cookies (F5 APM / ASM) samesite attributes, basically https://community.f5.com/t5/technical-articles/irule-to-set-samesite-for-compatible-clients-and-remove-it-for/ta-p/278650My issue is the return call from MS Azure is a 302 redirect back to the F5. the browser (Edge / Firefox) is not sending any of the F5 cookies.&nbsp;I presume because MRHSession is not being sent a new session is being created which breacks the SAML auth.&nbsp;I have samesite for this and all F5 to secure&nbsp; / http only / samesite =&gt; lax&nbsp;it looks like i need to set samesite to none for MRHsessionare other facing this problem if so how are you dealing with it - I am thinking of making this change just for my SP VS/domainis there another solution ?&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

alexs_yb · Answer

Come back to add some info for thisMRHSession cookie needs to be set to samesite="none" for saml redirect to work&nbsp; - simple as that 😞Thats what I have done on my SP&nbsp;&nbsp;&nbsp;

Forum Discussion

samesite cookie for SAML authentication

Recent Discussions

INFORM: Entrust CA will be untrusted in Chrome after Oct 31, 2024

Can BIG-IP DNS recursion only my domain?

CPU data, control and analytics plane utilization

Can import iSeries 4000 config (OS ver 1.3.x) to rSeries 5000 (f5os-a 1.5.2)?

Datagroup with address and value

Related Content

Add SameSite attribute to APM Cookies

Lightboard Lessons: HTTP Cookie SameSite Attribute

Set the SameSite Attribute for LTM Persistence Cookies

HTTP cookie SameSite: test detection of browsers with incompatible SameSite=None handling

Set the SameSite Cookie Attribute for Web Application and BIG-IP Module Cookies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS