From 7ec2a6a643d40ee026096390105fb91f8e08bd94 Mon Sep 17 00:00:00 2001
From: Jan Pazdziora <jpazdziora@redhat.com>
Date: Mon, 7 Oct 2024 10:37:31 +0200
Subject: [PATCH] Addressing User has disabled cookies, or has lost the cookie
 before returning from the SAML2 login server per
 https://access.redhat.com/solutions/7004299

---
 src/www-mod_wsgi-saml.conf | 5 +++++
 src/www-proxy-saml.conf    | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/src/www-mod_wsgi-saml.conf b/src/www-mod_wsgi-saml.conf
index 5c72df9..9662738 100644
--- a/src/www-mod_wsgi-saml.conf
+++ b/src/www-mod_wsgi-saml.conf
@@ -36,6 +36,11 @@ Require all granted
     # Comment out the next two lines if you want to allow logins on bare HTTP
     # MellonsecureCookie On
     # SSLRequireSSL
+
+    # https://access.redhat.com/solutions/7004299
+    MellonSecureCookie On
+    MellonCookieSameSite none
+
     MellonUser "NAME_ID"
     MellonIdP "IDP"
     MellonSessionLength 3600
diff --git a/src/www-proxy-saml.conf b/src/www-proxy-saml.conf
index 3776d94..bb705aa 100644
--- a/src/www-proxy-saml.conf
+++ b/src/www-proxy-saml.conf
@@ -26,6 +26,11 @@ ProxyPassReverse / http://app.example.test/
     # Comment out the next two lines if you want to allow logins on bare HTTP
     # MellonsecureCookie On
     # SSLRequireSSL
+
+    # https://access.redhat.com/solutions/7004299
+    MellonSecureCookie On
+    MellonCookieSameSite none
+
     MellonUser "NAME_ID"
     MellonIdP "IDP"
     MellonSessionLength 3600