3rd party cookies phase out on chrome

[odin1988]

Before reporting an issue

• I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

core

Describe the bug

As chrome is phasing out 3rd party cookies half of our applications connected to keycloak and redhat SSO will not be working anymore with chrome at the end of the year.

Version

7.6.2.GA

Expected behavior

I would propose to allow us to configure cookie domain. Which would allow us to fix the problem for us.

Actual behavior

No application using Keycloak will work end of the year.

How to Reproduce?

1. run chrome with commandline flag --test-third-party-cookie-phaseout set or configure chrome setting chrome://flags/#test-third-party-cookie-phaseout
2. Run application connected to keycloak --> secured resources will be broken

Anything else?

resource for phase out https://developers.google.com/privacy-sandbox/3pcd?hl=de#report-issues

[jonkoops]

Hi @odin1988, we're aware of the 3rd party cookie phase-out and have done work over the last year to ensure Keycloak is ready for it. We'll be writing some documentation around this relatively soon (see #25990).

No application using Keycloak will work end of the year.

This is false. Keycloak will continue to work, with a couple of caveats if you are running it in a 3rd-party context. Specifically:

• The Session Management spec will no longer function as expected. Keycloak will log a warning about this, and disable the functionality for that session.
• Silent Authentication will fall back to a full redirect instead.

If you have specific issue with the 3rd-party cookie phase-out in the latest version of Keycloak feel free to report them. Please make sure to provide a minimal and reproducible example.