OpenStack Keystone SAML Mellon Charm

  1. Bug #2068654
  2. Comment #8

Comment 8 for bug 2068654

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-keystone-saml-mellon (stable/2023.2)

Reviewed: https://review.opendev.org/c/openstack/charm-keystone-saml-mellon/+/922633
Committed: https://opendev.org/openstack/charm-keystone-saml-mellon/commit/28207fa4f244dd4d02e33e8d858e6295308175da
Submitter: "Zuul (22348)"
Branch: stable/2023.2

commit 28207fa4f244dd4d02e33e8d858e6295308175da
Author: Rodrigo Barbieri <email address hidden>
Date: Thu Jun 6 13:09:14 2024 -0300

    Improve compatibility with Chromium-based browsers

    Since commit [1] mellon changed the default behavior
    of cross-site cookies by allowing all if unset.
    Some IDP providers use cross-site cookies to
    authenticate. Chromium-based browsers reject insecure
    cross-site cookies.

    Adding config option to optioanlly enable
    Secure HTTPS cookies so it can work with
    Chromium-based browsers as long as the
    IDP connection is HTTPS.

    [1] https://github.com/latchset/mod_auth_mellon/commit/5a629a1

    Closes-bug: #2068654
    Change-Id: Ied65c3dc87e3ebb599b446cc72ce3c6adac74e08
    (cherry picked from commit 8c973aaed370e37e38a57b9566bb83ffc7b80656)
    (cherry picked from commit ffcb4348ef47c70934b58f2f34f058c5e7ae29f0)