OpenStack Keystone SAML Mellon Charm

  1. Bug #2068654
  2. Comment #4

Comment 4 for bug 2068654

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-keystone-saml-mellon (master)

Reviewed: https://review.opendev.org/c/openstack/charm-keystone-saml-mellon/+/921472
Committed: https://opendev.org/openstack/charm-keystone-saml-mellon/commit/8c973aaed370e37e38a57b9566bb83ffc7b80656
Submitter: "Zuul (22348)"
Branch: master

commit 8c973aaed370e37e38a57b9566bb83ffc7b80656
Author: Rodrigo Barbieri <email address hidden>
Date: Thu Jun 6 13:09:14 2024 -0300

    Improve compatibility with Chromium-based browsers

    Since commit [1] mellon changed the default behavior
    of cross-site cookies by allowing all if unset.
    Some IDP providers use cross-site cookies to
    authenticate. Chromium-based browsers reject insecure
    cross-site cookies.

    Adding config option to optioanlly enable
    Secure HTTPS cookies so it can work with
    Chromium-based browsers as long as the
    IDP connection is HTTPS.

    [1] https://github.com/latchset/mod_auth_mellon/commit/5a629a1

    Closes-bug: #2068654
    Change-Id: Ied65c3dc87e3ebb599b446cc72ce3c6adac74e08