Mapped domain SSO uses third-party cookies
Currently, our mapped domain plugin, Mercator, uses third-party cookies in order to automatically sign-on logged-in Commons users to mapped domains.
The problem with this is third-party cookies are increasingly being blocked by default and there are plans in Chrome to scrap third-party cookies entirely in the next few years.
This ticket is to track what we should do.
Some approaches include:
- Redirecting logged-in users to the Commons subdomain instead of the mapped domain
- Remove SSO entirely. Meaning that users will have to login again on the mapped domain even if they are already logged into the Commons.
- Find another sign-on approach that doesn't use third-party cookies. Could rely on a set of redirects, but has the potential to be error-prone.