I’m using IDS4/ComponentSpace and I find my idsrv and idsrv.session cookies blocked on the oidc call with the following message:
‘The cookie was blocked because it’s path was not an exact match for a super directory or the request URL’s path.’
The cookie path displayed in the Chrome Dev Tools points to my IDS4/CS implementation but all of my other cookies point to ‘/’.
To my knowledge I am not setting this cookie path anywhere. I am cloud hosted behind a reverse proxy and I suspect this may have something to do with this issue but I’m unclear on how this path is set. I am able to authenticate but I feel like I’m missing something, any insight here would be appreciated.
These are IDS4 cookies and not something the SAML library has knowledge of.
From what I’ve seen, IDS4 sets these cookies with no specific path and they should be sent with all requests to IDS4 URLs. In this case, the path property shown in the browser developer tools would be “/”.
I’m not sure why you would see something different assuming the path isn’t being set somewhere.
Perhaps you could ask on an IDS4 support forum.