Documentation for #2281

2020-08-17 16:55:03 +02:00 · 2020-08-17 16:55:03 +02:00 · 21e6cbb2c4
commit 21e6cbb2c4
parent a4b80b1a37
2 changed files with 8 additions and 1 deletions
--- a/doc/sources/admin/ssocookie.rst
+++ b/doc/sources/admin/ssocookie.rst
@ -29,13 +29,17 @@ To edit SSO cookie parameters, go in Manager, ``General Parameters`` >
      only one session is created in session database

 -  **Javascript protection**: set httpOnly flag, to prevent cookie from
-   being caught by javascript code
+   being leaked by malicious javascript code
 -  **Cookie expiration time**: by default, SSO cookie is a session
   cookie, which means it will be destroyed when browser is closed. You
   can change this behavior by setting a cookie expiration time. It must
   be an integer. **Cookie Expiration Time** value is a number of
   seconds until the cookie expires. Set a zero value to disable
   expiration time and use a session cookie.
+-  **Cookie SameSite value**: the value of the SameSite cookie attribute. By
+   default, LemonLDAP::NG will set it to "Lax" in most cases, and "None" if you
+   use SAML. Using "None" requres Secured Cookies, and accessing applications
+   over HTTPS on most web browsers.


 .. danger::
--- a/doc/sources/admin/upgrade_2_0_x.rst
+++ b/doc/sources/admin/upgrade_2_0_x.rst
@ -33,6 +33,9 @@ backups and a rollback plan ready!
   need to manually change your existing
   ``localSessionStorageOptions/cache_root`` parameter from ``/tmp`` to
   ``/var/cache/lemonldap-ng``.
+-  This release fixes several issues when using ``SameSite=None``. The new
+   default value of the SameSite configuration parameter will set SameSite to
+   ``Lax`` unless you are using SAML, which requires ``None``

 2.0.8
 -----