OpenStack Keystone SAML Mellon Charm

  1. Bug #2068654
  2. Comment #14

Comment 14 for bug 2068654

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-keystone-saml-mellon (stable/yoga)

Reviewed: https://review.opendev.org/c/openstack/charm-keystone-saml-mellon/+/924154
Committed: https://opendev.org/openstack/charm-keystone-saml-mellon/commit/5a73e226550f1756eb4ee0d6bd0a3a61d8073842
Submitter: "Zuul (22348)"
Branch: stable/yoga

commit 5a73e226550f1756eb4ee0d6bd0a3a61d8073842
Author: Rodrigo Barbieri <email address hidden>
Date: Thu Jun 6 13:09:14 2024 -0300

    Improve compatibility with Chromium-based browsers

    Since commit [1] mellon changed the default behavior
    of cross-site cookies by allowing all if unset.
    Some IDP providers use cross-site cookies to
    authenticate. Chromium-based browsers reject insecure
    cross-site cookies.

    Adding config option to optioanlly enable
    Secure HTTPS cookies so it can work with
    Chromium-based browsers as long as the
    IDP connection is HTTPS.

    [1] https://github.com/latchset/mod_auth_mellon/commit/5a629a1

    Closes-bug: #2068654
    Change-Id: Ied65c3dc87e3ebb599b446cc72ce3c6adac74e08
    (cherry picked from commit 8c973aaed370e37e38a57b9566bb83ffc7b80656)
    (cherry picked from commit ffcb4348ef47c70934b58f2f34f058c5e7ae29f0)
    (cherry picked from commit 28207fa4f244dd4d02e33e8d858e6295308175da)
    (cherry picked from commit 35646986a284a342f59ad711e28cb9205e336249)
    (cherry picked from commit 0e2386f35db451da5429cde8ee68691254aa6639)