Safari 13.1 Blocks All Third Party Cookies from being accessed. This breaks a lot of SSO functionality, suggestions?

What are the alternatives for users of OktaAuthJS’s setCookieAndRedirect function?

Hi,

Take a look here: FAQ: How Blocked Third Party Cookies Can Potentially Impact Your Okta Environment

We have multiple applications running on separate domains all of which rely on a single Okta tenant so we can’t use the custom URL domain feature.

Now we have this problem in Safari and Chrome incognito with “block 3rd party cookies” flag set:

  • One tab: user1 logs in with credentials1 to domain1
  • Second tab: user2 tries to log in with credentials2 to domain2 but because the session cookie is now blocked user2 is logged in as user1

Trying now to find a solution based on this note:

Note: In the event that you have multiple applications running on separate domains, all of which rely on a single Okta tenant for authentication, the best course of action will be to convert your applications to use a Federation protocol like OpenID Connect (OIDC). You can learn more about OIDC in our developer docs: https://developer.okta.com/docs/concepts/oauth-openid/

Fun times.

What’s the current SSO solution being used? The use case you described does not look like what blocking of 3rd party cookies does to applications’ SSO.

Any federation mechanism (OIDC/SAML) would rely upon you redirecting your user for authentication to Okta, which will send the user back with an assertion/token representing the fact that the user was successfully authenticated (with additional user information as a useful payload).