fix(saml): ensure session cookie survives idp redirect #801
Conversation
Fixes an issue where the session cookie was being marked SameSite by the boot2 upgrade and as a result we would lose an existing session / start a new session after redirect back from the IdP. No longer requires EmptyStorageFactory (went in as a workaround for this issue initially), and fixes redirect after login back to the original request URI being busted.
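The mechanism the description refers to, as an added illustration that is not part of this PR or of Spinnaker's code: a small model of how a browser following the SameSite cookie rules (RFC 6265bis) decides whether to attach the session cookie to the request that brings the user back from the IdP. Hosts, paths and the cookie name are placeholders; the registrable-domain logic is a deliberate simplification (last two host labels, no public-suffix list). It covers both the SAML HTTP-POST binding this PR fixes and the OAuth authorization-code GET redirect mentioned later in the thread, since the two bindings behave differently under SameSite=Lax.

```python
"""Model of the browser SameSite rule behind the lost-session-after-IdP-redirect bug.

Constructed example, not Spinnaker/gate code. It models whether a browser
attaches a session cookie to the top-level navigation that returns from the
IdP, for the SAML HTTP-POST binding (cross-site POST) and for an OAuth
authorization-code callback (cross-site GET).
"""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    same_site: str          # "Strict", "Lax" or "None"
    secure: bool = True


def site_of(url: str) -> str:
    """Scheme plus registrable domain.

    Simplification (assumption): the last two host labels stand in for the
    registrable domain; a real browser consults the public-suffix list.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    labels = host.split(".")
    domain = ".".join(labels[-2:]) if len(labels) >= 2 else host
    return f"{parts.scheme}://{domain}"


def cookie_is_sent(cookie: Cookie, request_url: str, initiator_url: str, method: str) -> bool:
    """Would the browser attach `cookie` to a top-level navigation to
    `request_url` that was initiated from a page at `initiator_url`?"""
    if cookie.secure and urlsplit(request_url).scheme != "https":
        return False                          # Secure cookies travel only over https
    if site_of(request_url) == site_of(initiator_url):
        return True                           # same-site request: SameSite never blocks
    if cookie.same_site == "None":
        return cookie.secure                  # cross-site allowed, but must also be Secure
    if cookie.same_site == "Lax":
        return method.upper() == "GET"        # Lax: top-level safe navigations only
    return False                              # Strict: never on a cross-site request


def session_survives_login(session_cookie: Cookie,
                           sp: str = "https://gate.example.com",
                           idp: str = "https://idp.example.org") -> dict:
    """Constructed login round-trip (hosts and paths are placeholders).

    1. The user requests a page on the SP; the SP creates a session (holding
       the saved request URI) and redirects the browser to the IdP.
    2. The IdP authenticates the user and sends the browser back:
         SAML HTTP-POST binding -> cross-site POST to the ACS endpoint
         OAuth code flow        -> cross-site GET to the redirect URI
    If the cookie is not attached in step 2, the SP sees no session, starts a
    fresh one, and the saved request URI is gone.
    """
    return {
        "saml_post": cookie_is_sent(session_cookie, f"{sp}/saml/SSO", f"{idp}/sso", "POST"),
        "oauth_get": cookie_is_sent(session_cookie, f"{sp}/login", f"{idp}/authorize", "GET"),
    }


if __name__ == "__main__":
    for policy in ("Strict", "Lax", "None"):
        print(policy, session_survives_login(Cookie("SESSION", "abc123", policy)))
```

Running it shows why a Lax default breaks SAML but not the OAuth code flow: the SAML assertion arrives as a cross-site POST, which Lax excludes, while the OAuth callback is a cross-site top-level GET, which Lax permits. Only SameSite=None (with Secure) keeps the session across both, and Strict keeps it across neither; that is the trade-off a defender weighs when choosing the attribute for a session cookie that must survive an IdP round-trip.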
Similar to spinnaker#801: when using OAuth, removes the SameSite attribute from the session cookie.
If this is a fix to the OAuth redirect URI breaking between 1.13.6 and 1.14, could we please get this cherry-picked into 1.14.1?
@spinnakerbot cherry-pick 1.14
Cherry pick successful: #809
We're still seeing multiple issues in 1.14.2 related to redirectUri that are not present in the 1.13.X branches. Upgrading to 1.14.X is effectively breaking OAuth for multiple people.
@dibyom @cfieber any idea if the fix mentioned in a comment on this issue is the resolution we should be suggesting here?
I think that works for many cases but not all, e.g. if you have internal services trying to access Spinnaker via an internal address they now get redirected to the external UI: https://spinnakerteam.slack.com/archives/C091CCWRJ/p1558639811086800
Ah okay, is the root cause the Spring Boot upgrade? Guessing @cfieber is looking into this? Just asking because it seems to be causing issues for a lot of folks in 1.14, so would love to get a fix patched in!
Fixes an issue where the session cookie was being marked SameSite by the boot2 upgrade
and as a result we would lose an existing session / start a new session after redirect
back from the IdP.
No longer requires EmptyStorageFactory (went in as a workaround for this issue initially),
and fixes redirect after login back to the original request URI being busted.