Chrome 80 SameSite changes
Starting on February 17th, 2020, Google will start adjusting how Chrome 80 sends cookies between different sites. This might break services connected to Feide, which means service providers MUST take action to ensure their services will still be able to log in using Feide in the future.
Depending on how the service works, the problem may affect logins for all or only some of the users. It will affect logouts when these are initiated from the Feide side, and may affect logouts initiated by the service.
Changes that need to be made on the Service Provider side
All SAML applications, and any OpenID Connect applications that use the
form_post response mode may be affected. If the application depends on cookies
to reconcile the response with its internal state and the cookies are not marked
SameSite=None, it is affected. To address the issue service providers are
Changes being made on the Feide side
Please note that these changes only relate to the login service itself, and will not mitigate the service-specific issues mentioned earlier.
- The cookies that Feide uses for its authentication services will be changed to specifically set the
- There will be additional fallback cookies set (with a _nss suffix) to handle the case of legacy browsers that do not support the
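
On the service provider side, the same two-cookie pattern can be applied to the cookie that ties a SAML or form_post response to local state. The sketch below is an added example, not Feide's or any service's own code. Assumptions: the cookie name `sp_login_state` is hypothetical, the `_nss` suffix is reused for the fallback, the fallback omits the SameSite attribute, and the service compares the cookie with the state value echoed back in the cross-site POST.

```python
# Added example: cookie names, values and the matching scheme are assumptions.
import hmac

STATE_COOKIE = "sp_login_state"            # hypothetical cookie name
FALLBACK_COOKIE = STATE_COOKIE + "_nss"    # fallback without a SameSite attribute


def build_set_cookie_headers(value, max_age=600):
    """Return the Set-Cookie values for the state cookie and its fallback."""
    # Chrome 80 only accepts SameSite=None on cookies that are also Secure.
    common = f"Path=/; Max-Age={max_age}; Secure; HttpOnly"
    return [
        f"{STATE_COOKIE}={value}; {common}; SameSite=None",
        f"{FALLBACK_COOKIE}={value}; {common}",
    ]


def parse_cookie_header(header):
    """Split a request Cookie header into a name -> value dict."""
    cookies = {}
    for part in header.split(";"):
        name, sep, val = part.strip().partition("=")
        if sep:
            cookies[name] = val
    return cookies


def state_from_request(cookie_header):
    """Prefer the SameSite=None cookie, fall back to the _nss copy."""
    cookies = parse_cookie_header(cookie_header or "")
    return cookies.get(STATE_COOKIE) or cookies.get(FALLBACK_COOKIE)


def response_matches_state(cookie_header, returned_state):
    """True only if the POST carried a cookie equal to the echoed state."""
    stored = state_from_request(cookie_header)
    if not stored or not returned_state:
        return False
    return hmac.compare_digest(stored.encode(), returned_state.encode())


if __name__ == "__main__":
    # Constructed Cookie headers as seen on the cross-site POST back to the service.
    for label, header in [
        ("both cookies sent", "sp_login_state=abc123; sp_login_state_nss=abc123"),
        ("only fallback sent", "sp_login_state_nss=abc123"),
        ("no cookie sent", ""),
    ]:
        print(label, "->", response_matches_state(header, "abc123"))
```

The last constructed case is the failure this page describes: when no cookie arrives with the cross-site POST, the response cannot be reconciled with the service's state and the login is rejected.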