https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
--- Comment #58 from David Cook <[email protected]> --- (In reply to David Cook from comment #56) > Oh good. Chrome and Firefox appear to work differently. > > In Chrome, if you login to Keycloak first, and then do that > Koha->Keycloak->Koha redirect you're fine. > > In Firefox, if you login to Keycloak first, and then do that > Koha->Keycloak->Koha redirect, you still will get an error. I'm working on integrating another system with OIDC (testing with Keycloak), and I'm running into the same problem. My app session cookie is set to Strict and since it's going "302 App to Keycloak" -> "200 Keycloak to Keycloak" -> "302 Keycloak to App" Chrome prevents the original session cookie from being sent to the App. But after a successful Keycloak to Keycloak login, then it's "302 App to Keycloak" -> "302 Keycloak to App", and then Chrome will send the session cookie to the App. Firefox will prevent the cookie from being sent in both scenarios. -- In my App, I don't think that I have the ability to use different SameSite attributes for anonymous sessions vs authenticated sessions. It's governed by config for a plugin to the MVC framework. I might have a little play, but I'm thinking I might just use a different cookie for managing the whole SSO interaction. I'll let you know how I go... -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
