3.11 Configuring Support for Access Manager on Google Chrome Browser

Google Chrome version 80 introduces a change in how cookies are handled in web browser. To support this Chrome version, perform the following steps:

For Identity Server

  1. Open Identity Server’s web.xml.

  2. Uncomment the ResponseCookieProcessor filter configuration to set the <param-name> in the file.

    You must change the value from Active to True.

    <filter>
           <filter-name>ResponseCookieProcessor</filter-name>
           <filter-class>com.novell.nidp.servlets.filters.cookie.ResponseCookieProcessor</filter-class>
           <description> This filter is used to edit Response cookies before delivering to the client.</description>
           <init-param>
                   <param-name>Active</param-name>
                   <param-value>False</param-value>
           </init-param>
           <init-param>
                   <param-name>SameSiteLevel</param-name>
                   <param-value>None</param-value>
           </init-param>     
        </filter>
        <filter-mapping>
            <filter-name>ResponseCookieProcessor</filter-name>
            <url-pattern>/*</url-pattern>
     </filter-mapping>

For information about how to open and edit a file, see Modifying Configurations in the NetIQ Access Manager 5.0 Administration Guide.

For Access Gateway:

  1. Click Devices > Access Gateways > Edit > Advanced Options.

  2. Add the following Global Advanced Options:

    • NAGGlobalOptions SameSiteCookie=on. This option sets SameSite=None to all Set-Cookie headers coming from Access Gateway.

    • NAGGlobalOptions SameSiteOption <input-string>.

      Instead of using the default value None for the SameSite value, you can set it to Lax or Strict. For example, NAGGlobalOptions SameSiteOption "SameSite=Strict" or NAGGlobalOptions SameSiteOption "SameSite=Lax”.

  3. (Optional) Click Devices > Access Gateways > Edit > [Name of Reverse Proxy] > [Name of Proxy Service] > Advanced Options.

  4. Add the following options at proxy service level: