From 359e4d8c0ce0f95e6541e3ef1d3a8c89f388f1c1 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma
Date: Mon, 17 Dec 2018 12:50:32 +0100
Subject: [PATCH] Fix SAML Client login flow on Apple devices

Because the redirect from the SAML/SSO endpoint is a POST the lax/strict cookies are not properly send. Note that it is not strictly requried on this endpoint as we do not need the remember me data. Only the real session info is enough. The endpoint is also already protected by a state token.

Signed-off-by: Roeland Jago Douma
---
 core/Controller/ClientFlowLoginController.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php
index 2e8216c2ba..036ea4eaee 100644
--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@@ -207,6 +207,7 @@ class ClientFlowLoginController extends Controller {
 /**
 * @NoAdminRequired
 * @NoCSRFRequired
+ * @NoSameSiteCookieRequired
 * @UseSession
 *
 * @param string $stateToken
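Review bot: With `@NoSameSiteCookieRequired` added next to the existing `@NoCSRFRequired`, the state token is the only cross-site request guard left on this action, and the docblock does not record that. I would add a line above the annotations such as `* SameSite cookies are not required: the SAML/SSO IdP returns via a cross-site POST. The state token is the only cross-site guard here.` so a later refactor does not weaken the token check without noticing. The method signature and body are outside the hunk, so it is not visible whether the token is validated before anything else reads or writes the session, or whether the comparison is constant-time (for example `hash_equals`); both are worth confirming as part of this change.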