Google Chrome version 80 introduces a change in how cookies are handled in web browser. To support this Chrome version, perform the following steps:
For Identity Server
Open Identity Server’s web.xml.
Uncomment the ResponseCookieProcessor filter configuration to set the <param-name> in the file.
You must change the value from Active to True.
<filter> <filter-name>ResponseCookieProcessor</filter-name> <filter-class>com.novell.nidp.servlets.filters.cookie.ResponseCookieProcessor</filter-class> <description> This filter is used to edit Response cookies before delivering to the client.</description> <init-param> <param-name>Active</param-name> <param-value>False</param-value> </init-param> <init-param> <param-name>SameSiteLevel</param-name> <param-value>None</param-value> </init-param> </filter> <filter-mapping> <filter-name>ResponseCookieProcessor</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
For information about how to open and edit a file, see Modifying Configurations
in the NetIQ Access Manager 5.0 Administration Guide.
For Access Gateway:
Click Devices > Access Gateways > Edit > Advanced Options.
Add the following Global Advanced Options:
NAGGlobalOptions SameSiteCookie=on. This option sets SameSite=None to all Set-Cookie headers coming from Access Gateway.
NAGGlobalOptions SameSiteOption <input-string>.
Instead of using the default value None for the SameSite value, you can set it to Lax or Strict. For example, NAGGlobalOptions SameSiteOption "SameSite=Strict" or NAGGlobalOptions SameSiteOption "SameSite=Lax”.
(Optional) Click Devices > Access Gateways > Edit > [Name of Reverse Proxy] > [Name of Proxy Service] > Advanced Options.
Add the following options at proxy service level:
NAGHostOptions SameSiteCookie=on
NAGHostOptions SameSiteOption SameSite=<input-string>. <input-string> can be Strict or Lax.
For more information about these options, see Access Gateway Advanced Options in the NetIQ Access Manager 5.0 Administration Guide.