[IdP] OAuth/OpenID/SAML authentication flows using cross-site requests (affect)

Forge Component
Published on 5 Jun by Leonardo Fernandes
43 votes
Published on 5 Jun by Leonardo Fernandes

Hello Team,

We have received an email from Team Outsystems  with subject "Upcoming OutSystems Security Patches and Product Changes" and in email it is mention that 

OAuth/OpenID/SAML authentication flows using cross-site requests (affect) OutSystems recommends that we should change to a different authentication flow that does not require cross-site cookies in POST requests to work properly. Most Identity Providers (IdPs) have multiple flows available for developers to choose from.

So just want to understand that in our project we are using IDP component for the SSO Integration using ADFS SAML 2.0, will it have any impact and if yes then what we need to do to mitigate it.

Please check below link for more details



Preeti Kumari

Were you affected by this Preeti?  If yes, can you share how you resolved it?


Is not expected to this patch have impact on IdP.