Cookie SameSite Mode - ServiceProvider

Regarding the note I received about Chrome changes in handling cookies ( ), I did not find any cookie set from ComponentSpace.SAML2. We are using v. Tested login flow with Chrome flags #same-site-by-default-cookies and #cookies-without-same-site-must-be-secure and all works fine. I am assuming that we are not affected if we are using only SAMLServiceProvider (not IdP) implementation?

Thank you

Version 2.8.8 uses the ASP.NET session cookie (ie ASP.NET_SessionId) rather than the custom SAML_SessionId cookie.

Some SAML flows will work without any changes and this looks like it’s the case for you.

When acting as the SP, for IdP-initiated SSO no SAML session state is required. For SP-initiated SSO, the flow will still work but one of the minor security checks we make cannot be made. SAML logout does require SAML session state to work correctly.