Access Keys:
Skip to content (Access Key - 0)

MIT test results - SAML authentication with stricter SameSite settings

Overview

Google Chrome version 80, released on February 4, 2020, introduces changes to its handling of cross-site (aka 3rd party) cookies.

For more information, see https://blog.chromium.org/2020/02/samesite-cookie-changes-in-february.html

While specifics have not yet been finalized, Mozilla Firefox is also likely to update its defaults for cross-site cookies.

This change will impact some MIT services. For example, some vendor sites may need to be updated for successful handling of cross-site cookies when directing between the vendor site and the Touchstone IdP (idp.mit.edu).

Test results to date for Touchstone authentication to vendor sites

Site Result Last Updated
University Tickets Fail 2/5/2020
eShipGlobal Fail 2/5/2020
Off Campus Partners Fail 2/5/2020
Instructure - MIT Canvas Pass for Chrome 80* 2/5/2020
ServiceNow Pass 2/5/2020
SuccessFactors Pass 2/5/2020
CITI Program Pass 2/5/2020
Campus Labs Pass 2/5/2020

*For Chrome 80, Touchstone login to MIT Canvas is successful. For Firefox configured with the more secure SameSite cookie settings, Touchstone login to MIT Canvas is not successful.

Instructions for MIT testers

Instructions for MIT testers

IS&T Contributions

Documentation and information provided by IS&T staff members

Last Modified:

February 07, 2020

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
None
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use
This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki