We published a security advisory regarding a Google Chrome (80) browser update that may impact Primo users. The SameSite-by-default and SameSite=None-requires-Secure behaviors will begin rolling out to Chrome 80 Stable for an initial limited population starting the week of February 17, 2020.
The Change in Chrome cookie handling may have an impact when using Primo and authenticating to SAML in a different domain
If you are using SAML authentication with Primo in a different domain, there are a few important details of which you need to be aware:
Primo February release will include the necessary fix to allow SAML authentication across domains. Integration relying on non-secure (HTTP) protocol or cookie, might be impacted in Google Chrome
Primo Classic UI customers authenticating to SAML in a different domain may be impacted. Ex Libris recommends moving to use the New Primo UI gaining from ongoing developments and secure protocol (HTTPS)
On-premise (local) installations authenticating with SAML in a different domain should install the February release.
Please submit a case if Primo February 2020 release isn't deployed on your site and the above criteria are relevant to your site.
- Article last edited: 06-Feb-2020