Documentation

 

 

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Updated: February 13, 2020

SecureAuth hotfix 200106_004_8 is specifically built to address the Chrome SameSite issue as discussed in this knowledge base article: SameSite cookie support and Chrome 80.

Scope

This hotfix is not cumulative, and only addresses the SameSite cookie flag.  No other changes are made by this hotfix. The change impacts virtually all cookies generated by the SecureAuth® Identity Platform and SecureAuth IdP products by adding the flag: SameSite=None to all cookies. 

Version support

The hotfix update applies to the following SecureAuth IdP and the Identity Platform product versions: 

  • 9.1
  • 9.2
  • 9.3
  • 19.07
  • 19.07.01

Prerequisites

The Microsoft updates that support the SameSite flag for the specific Windows Server version and .NET version must be installed on your appliance prior to installation of the SecureAuth hotfix.

...

This page has moved to the new docs site: https://docs.

...

secureauth.com/1907/en

...

UI Text Box
sizemedium
typenote

Installation of the Microsoft update requires a system reboot.

...

December 2019 Patch Tuesday updates

...

January 2020 Patch Tuesday updates

...

sizemedium
typenote

Windows Server 2016 ** 

Microsoft has released multiple updates for Windows Server 2016 that supersede KB4534271 and KB4532933.

...

If you have installed any of the Microsoft updates listed in the table above for Windows Server 2016, the installer will not detect whether the requisite Microsoft update is installed.

...

Windows Server 2008 R2

Windows Server version 2008 R2 is no longer supported; the hotfix installer has not been tested on that platform. The .NET 4.6-4.7.2 update is 4533012 and 4.8 update for 2008 R2 is 4533005

Installation

It is recommended to install the hotfix on the server when it is offline / out of service. However, It can technically be run on a live server. 

UI Text Box
sizemedium
typenote

Installation of the Microsoft update requires a system reboot, however, the SecureAuth hotfix does not. 

  1. Click and download this hotfix:  HF200106_004_8  
  2. Place the file in a temporary folder on the D: drive of your SecureAuth appliance. 
  3. Recommended: Take a snapshot of the SecureAuth appliance. 
  4. Run the HF200106_004_8 executable file as an Administrator. 
    The application runs silently and typically completes within 30 seconds. 
    The installation will abort with a message indicating the reason if any of the following occur:
         – The prerequisite Microsoft update is not installed
         – Identity Platform/SecureAuth IdP customizations in conflict with this hotfix
    Otherwise, a message displays indicating that the installation is complete.
    No reboot or IISRESET is required. 
  5. Test your applications, and then put the server back into production. 
  6. Repeat this process for all servers in your farm. 

Troubleshooting

See the following troubleshooting issues, If you have any other issues, please contact SecureAuth Support. 

Aborted installation

If the installation aborts due to finding customizations, check the logs (located in the same folder as the hotfix) and contact SecureAuth Support. 

UI Text Box
sizemedium
typeinfo

This hotfix was specifically designed to avoid customizations.  It is very unlikely that the hotfix will encounter any customization conflicts. 

Rollback

If for any reason, you want to rollback this hotfix, revert to your snapshot (see step 3 of the installation procedure) or run the following command:

HF200106_004_8.exe -uninstall

Override hotfix and customization check

If it is determined that the customized files are not used or needed, this hotfix can be installed and will overwrite those files.  In addition, if Microsoft releases a new patch with the SameSite fixes that is not known to the installer (as documented in the Microsoft Security and Quality Rollup for .NET Framework hotfixes section), this option can be used to override the Microsoft update check.  Use the following command:

...

/samesite-hotfix-installation-instructions.html