OlegChuev commented on issue #10877: URL: https://github.com/apache/cloudstack/issues/10877#issuecomment-2889949989
> > Is this considered a blocker cc [@Pearl1594](https://github.com/Pearl1594) [@DaanHoogland](https://github.com/DaanHoogland) ? > > [@OlegChuev](https://github.com/OlegChuev) our [QA server](https://qa.cloudstack.cloud/simulator/#/user/login?redirect=/) uses [mocksaml.com](https://mocksaml.com/) for testing purposes, is that good enough or should we look at keycloak or some other IdP server? What IdP server are you using? > > [@rohityadavcloud](https://github.com/rohityadavcloud) let's try to reproduce it > > [@OlegChuev](https://github.com/OlegChuev) the old behaviour is same as > > * api.sessionkey.check.locations=CookieOrParameter > * api.sessionkey.cookie.samesite=Null > > can you re-test ? > > for your information, below are configurations on qa cloud > >  I’ve tested with both `CookieOrParameter` and `Null` and can confirm that neither resolves the issue. I’m starting to suspect that the root cause might lie in an insufficient Nginx configuration. However, what’s most puzzling is that everything seems to work fine when the `HttpOnly` header is removed... -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
