Issue :
You are using Google Chrome 80 with a site configured for ADFS/SAML or FBA, and you notice that user logins intermittently fail and go into a login loop.
The following error is received on ADFS :
"An error occured. Contact your administrator for more information"
FBA does not sign you out either.
Cause :
This behavior is because of Chrome’s new security feature :
A cookie associated with a cross-site resource at <URL> was set with the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies.
Ref: https://blog.chromium.org/2020/02/samesite-cookie-changes-in-february.html
Testing/Troubleshooting to understand the behavior :
Resolution :
Step 1 -- Recommendations by Microsoft
Step 2 -- If the issue continues after the March 2020 CU update for SharePoint
Step 3 -- If you do not have a load balancer that distributes load between servers in SharePoint
Note :
Make sure to take a backup of the web.config file from all SharePoint servers before making the below changes.
This applies only if you are using an SSL web application.
Matching Scope : Server Variable
Variable Name : RESPONSE_Set_Cookie
Pattern : (FedAuth=;)(.*)(SameSite=None)
Action type : Rewrite
Value : {R:1}{R:2}{R:3};Secure
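To check which Set-Cookie values the rule above touches before rolling it out, the following added example (not part of the original post) applies the page's pattern and rewrite value to two constructed cookie values and reports whether each is still `SameSite=None` without `Secure` afterwards. It assumes case-insensitive matching and uses Python's `re` as a stand-in for the URL Rewrite regex engine; the cookie values and function names are made up for illustration.

```python
import re

# Pattern and value exactly as given in the rule settings above.
RULE_PATTERN = r"(FedAuth=;)(.*)(SameSite=None)"
RULE_VALUE = "{R:1}{R:2}{R:3};Secure"

# Constructed Set-Cookie values (not captured traffic). Each ends with
# SameSite=None, so the match runs to the end of the value.
SIGN_OUT = "FedAuth=; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/; HttpOnly; SameSite=None"
SIGNED_IN = "FedAuth=CONSTRUCTED_TOKEN; path=/; HttpOnly; SameSite=None"

def attributes(set_cookie):
    """Map attribute names (lower-cased) to values for everything after name=value."""
    attrs = {}
    for part in set_cookie.split(";")[1:]:
        name, _, value = part.strip().partition("=")
        if name:
            attrs[name.lower()] = value.strip().lower()
    return attrs

def blocked_cross_site(set_cookie):
    """True for SameSite=None without Secure, the case the Chrome message describes."""
    attrs = attributes(set_cookie)
    return attrs.get("samesite") == "none" and "secure" not in attrs

def apply_rule(set_cookie):
    """Return the rewritten value if the pattern matches, else the input unchanged."""
    # Assumption: case-insensitive matching, and Python's re behaves like the
    # URL Rewrite regex engine for this simple pattern.
    m = re.search(RULE_PATTERN, set_cookie, re.IGNORECASE)
    if m is None:
        return set_cookie
    return re.sub(r"\{R:(\d)\}", lambda ref: m.group(int(ref.group(1))), RULE_VALUE)

def report(values):
    """For each value: (blocked before, value after the rule, blocked after)."""
    return [(blocked_cross_site(v), apply_rule(v), blocked_cross_site(apply_rule(v)))
            for v in values]

if __name__ == "__main__":
    for before, rewritten, after in report([SIGN_OUT, SIGNED_IN]):
        print(f"blocked before={before} after={after}: {rewritten}")
```

With the pattern as written, the empty-valued `FedAuth=;` cookie gains `;Secure`, while the constructed cookie with a non-empty value is not matched and is left unchanged.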