mellon 0.18+ does not work on chromium-based browsers
Bug #2068654 reported by Rodrigo Barbieri
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Keystone SAML Mellon Charm | Fix Committed | Medium | Rodrigo Barbieri |
Bug Description
Since commit [1] mellon changed the default behavior of cross-site cookies by allowing all if unset.
Some IDP providers use cross-site cookies to authenticate. Chromium-based browsers reject insecure cross-site cookies.
It is necessary to add the following parameters to the mellon Apache config file so it can use secure HTTPS cookies to be compatible with Chromium-based browsers:
MellonSecureCookie On
MellonCookieSam
[1] https:/
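An added example, not part of the bug report or the charm's code: a simplified model of how Chromium-based browsers treat a `Set-Cookie` header depending on its `SameSite` and `Secure` attributes, which is why the secure-cookie setting above matters once cross-site cookies are allowed. The headers, cookie name and function names are constructed for illustration.

```python
# Simplified model of Chromium's SameSite handling (added example).
SAMPLE_HEADERS = [  # constructed values, not captured from a real deployment
    "Set-Cookie: example-session=abc123; Path=/; HttpOnly; SameSite=None",
    "Set-Cookie: example-session=abc123; Path=/; HttpOnly; Secure; SameSite=None",
    "Set-Cookie: example-session=abc123; Path=/; HttpOnly",
    "Set-Cookie: example-session=abc123; Path=/; Secure; SameSite=Strict",
]

def parse_set_cookie(header):
    """Return (cookie_name, {lowercased attribute: value}) for one header."""
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1]
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs

def chromium_treatment(header):
    """Classify a cookie as 'rejected', 'none', 'lax' or 'strict'."""
    _, attrs = parse_set_cookie(header)
    same_site = attrs.get("samesite", "").lower()
    if same_site == "none":
        # SameSite=None is only accepted together with the Secure attribute.
        return "none" if "secure" in attrs else "rejected"
    if same_site == "strict":
        return "strict"
    # A missing or unrecognised SameSite value is treated as Lax.
    return "lax"

def usable_cross_site(header):
    """True only if the cookie is stored and not restricted to same-site use."""
    return chromium_treatment(header) == "none"

def audit(headers):
    """Return (treatment, usable_cross_site) for each header, in order."""
    return [(chromium_treatment(h), usable_cross_site(h)) for h in headers]

if __name__ == "__main__":
    for header, result in zip(SAMPLE_HEADERS, audit(SAMPLE_HEADERS)):
        print(result, header)
```

Only the second sample header, which carries both `Secure` and `SameSite=None`, is stored and remains usable across sites; the first is dropped by the browser.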
Changed in charm-keystone-saml-mellon:
importance: Undecided → Medium
Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/charm-keystone-saml-mellon/+/921472