[IdP] OAuth/OpenID/SAML authentication flows using cross-site requests (affect)

Published on 20 Mar (3 weeks ago) by João Pêgas

Hello Team,

We have received an email from Team OutSystems with the subject "Upcoming OutSystems Security Patches and Product Changes", and in the email it is mentioned that:

OAuth/OpenID/SAML authentication flows using cross-site requests (affect) OutSystems recommends that we should change to a different authentication flow that does not require cross-site cookies in POST requests to work properly. Most Identity Providers (IdPs) have multiple flows available for developers to choose from.

So we just want to understand: in our project we are using the IdP component for the SSO integration using ADFS SAML 2.0. Will it have any impact, and if yes, what do we need to do to mitigate it?

Please check the link below for more details:

https://success.outsystems.com/Support/Enterprise_Customers/Maintenance_and_Operations/Upcoming_changes_in_cookie_handling_in_Google_Chrome?mkt_tok=eyJpIjoiWkdZMFpHVXlaRFJpWlRndyIsInQiOiJldXN0aGh2SitISTdVaFM2Nld1bWJueGFmQ3M2UEI3dGRHQWVKZzBvOUlzam5HSUx0ckFwWWljTDYwZUhhVW9DanpvMk1yTnZQOUZzWnI3RE9adTVqTlwveHFnSFwvV3VNMmlDZVhQNWJrcFwvRDI0RFN2K3dZRWsrNG9LQnI1ek0xeiJ9

Thanks,

Preeti Kumari

Were you affected by this, Preeti? If yes, can you share how you resolved it?

Hi,

This patch is not expected to have an impact on IdP.

Regards.