Bug #14496
closed
Mapped domain SSO uses third-party cookies
Description
Currently, our mapped domain plugin, Mercator, uses third-party cookies in order to automatically sign on logged-in Commons users to mapped domains.
The problem with this is that third-party cookies are increasingly being blocked by default, and there are plans in Chrome to scrap third-party cookies entirely in the next few years.
This ticket is to track what we should do.
Some approaches include:
- Redirect logged-in users to the Commons subdomain instead of the mapped domain.
- Remove SSO entirely, meaning that users will have to log in again on the mapped domain even if they are already logged into the Commons.
- Find another sign-on approach that doesn't use third-party cookies. This could rely on a set of redirects, but has the potential to be error-prone.
Related issues
Updated by Raymond Hoh about 1 month ago
- Related to Bug #21797: Redirect loop for mapped domains when logged in added
Updated by Raymond Hoh about 1 month ago
- Status changed from New to Duplicate
- Target version changed from Future release to 2.5.2
This is no longer necessary as https://redmine.gc.cuny.edu/issues/21797#note-16 implements an alternative, multisite SSO approach that doesn't require third-party cookies. (It implements a variation on the third option I list above.)
Marking as a duplicate of #21797.