KEYCLOAK-12125 Update docs regarding SameSite changes

mhajas 2020-01-17 14:18:54 +01:00 committed by Stian Thorgersen
parent faf37e32af
commit 33d554c149
4 changed files with 20 additions and 1 deletions

@ -16,6 +16,9 @@ include::topics/templates/release-header.adoc[]
== {project_name_full} 9.0.0 == {project_name_full} 9.0.0
include::topics/9_0_0.adoc[leveloffset=2] include::topics/9_0_0.adoc[leveloffset=2]
== {project_name_full} 8.0.2
include::topics/8_0_2.adoc[leveloffset=2]
== {project_name_full} 8.0.1 == {project_name_full} 8.0.1
include::topics/8_0_1.adoc[leveloffset=2] include::topics/8_0_1.adoc[leveloffset=2]
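Review bot: the new `include::topics/8_0_2.adoc[leveloffset=2]` line only resolves if that file is part of this commit; the only new file in the diff is the `= Highlights` document, whose path the rendered view does not show, so confirm it is saved as `topics/8_0_2.adoc` or the release-notes build fails on an unresolved include.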

@ -0,0 +1,9 @@
= Highlights
== SameSite cookie changes with upcoming Google Chrome update
Starting with version 80, Google Chrome will change the default value for the `SameSite` cookie parameter to `Lax`.
Therefore, changes were required to several {project_name} cookies (especially those which are used within the
Javascript adapter for checking the session status using the iframe) to set `SameSite` parameter to `None`. Please note
that this settings also requires setting the `Secure` parameter, hence starting with this version, the Javascript
adapter will only be fully functional when using the SSL / TLS connection on the {project_name} side.
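Review bot: two wording fixes in the new highlights text: `this settings also requires` should read `this setting also requires`, and `Javascript adapter` should match the `JavaScript adapter` spelling used in the adapter documentation touched by this same commit. Since the paragraph tells readers the adapter is only fully functional over SSL / TLS, it should also point at the setup section, e.g. `link:{installguide_link}#_setting_up_ssl[configuring SSL / TLS]`, the same link the status-iframe warning in this commit uses.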

@ -92,6 +92,8 @@ It has no other task than sending the received tokens to the main application an
Please keep in mind that this page at the specified location must be provided by the application itself and is _not_ part of the JavaScript adapter! Please keep in mind that this page at the specified location must be provided by the application itself and is _not_ part of the JavaScript adapter!
WARNING: Starting with Chrome version 80 (released on February 2020), silent `check-sso` functionality will work only
when the SSL / TLS connection is configured on the {project_name} side.
To enable `login-required` set `onLoad` to `login-required` and pass to the init method: To enable `login-required` set `onLoad` to `login-required` and pass to the init method:
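Review bot: `released on February 2020` should be `released in February 2020` (the same phrase recurs in the next hunk). The warning states the consequence but not the remedy; unlike the status-iframe warning added below, it has no link to the SSL setup section, so add `link:{installguide_link}#_setting_up_ssl[configuring the SSL / TLS]` here as well so readers of the `check-sso` section are not left without the fix.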
@ -154,6 +156,11 @@ This feature can be disabled by setting `checkLoginIframe: false` in the options
You should not rely on looking at this cookie directly. Its format can change and it's also associated with the URL of the {project_name} server, not You should not rely on looking at this cookie directly. Its format can change and it's also associated with the URL of the {project_name} server, not
your application. your application.
WARNING: Starting with Chrome version 80 (released on February 2020), status iframe will only be able to see the special
cookie over the SSL / TLS connection configured on the {project_name} side. Using an insecure connection may lead to redirecting
to {project_name} every time iframe checks the status. You can avoid this behavior by disabling iframe
or link:{installguide_link}#_setting_up_ssl[configuring the SSL / TLS] on the {project_name} side.
[[_javascript_implicit_flow]] [[_javascript_implicit_flow]]
==== Implicit and Hybrid Flow ==== Implicit and Hybrid Flow
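Review bot: grammar in the new warning: `status iframe will only be able` needs `the status iframe`, and `every time iframe checks the status` needs `the iframe`. `You can avoid this behavior by disabling iframe` should name the option, `checkLoginIframe: false`, which the hunk's own context line already mentions, so the reader does not have to search for it. It would also help to say why the redirect happens: the cookie is now set with `SameSite=None`, which requires `Secure` (as the highlights text in this commit explains), and a `Secure` cookie is never sent over plain HTTP, so the iframe sees no session and reports the user as logged out.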

@ -1,4 +1,4 @@
[[_setting_up_ssl]]
=== Setting up HTTPS/SSL === Setting up HTTPS/SSL
WARNING: {project_name} is not set up by default to handle SSL/HTTPS. WARNING: {project_name} is not set up by default to handle SSL/HTTPS.
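Review bot: the explicit `[[_setting_up_ssl]]` anchor is required because the JavaScript adapter warning in this commit links to `{installguide_link}#_setting_up_ssl`; an auto-generated id would change whenever the heading text is edited, so this explicit id must be kept when the section is renamed. Given that the SameSite change makes SSL / TLS a functional requirement for the JavaScript adapter, the `WARNING` in this section could say so, rather than only stating that HTTPS is not configured by default.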