https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33259
David Cook <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|In Discussion |Failed QA --- Comment #54 from David Cook <[email protected]> --- Going to mark this as Failed QA in any case as it doesn't take into account the CGISESSID cookie created by the OIDC in Koha/REST/V1/OAuth/Client.pm. -- Also, as I feared, with SameSite of "Strict", OIDC SSO is broken. -- Interestingly, when Keycloak POSTs a 302 to Koha it doesn't work, but there is a scenario with Keycloak where a Strict cookie is still sent after a redirect. If I log into Keycloak first, and then I go to Koha and click "Log in with Keycloak", I'm redirected from Koha to Keycloak and redirected from Keycloak to Koha. In this situation where it's two GET 302s in a row, the Strict cookie is still sent, and I'm logged into Koha using Keycloak. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
