3.11 Configuring Support for Access Manager on Google Chrome Browser

Google Chrome version 80 introduces a change of how cookies are handled in web browser. To support this Chrome version, configure following options.

For Identity Server

Uncomment the ResponseCookieProcessor filter configuration to set the <param-name>.

You must change the value from Active to True in the web.xml file.

The web.xml file is located in the following path:

Linux: /opt/novell/nam/idp/webapps/nidp/WEB-INF

Windows: /opt/novell/nam/idp/webapps/nidp/WEB-INF

 <filter>
       <filter-name>ResponseCookieProcessor</filter-name>
       <filter-class>com.novell.nidp.servlets.filters.cookie.ResponseCookieProcessor</filter-class>
       <description>This filter is used to edit Response cookies before delivering to the client.</description>
       <init-param>
               <param-name>Active</param-name>
               <param-value>False</param-value>
       </init-param>
       <init-param>
               <param-name>SameSiteLevel</param-name>
               <param-value>None</param-value>
       </init-param>     
    </filter>
    <filter-mapping>
        <filter-name>ResponseCookieProcessor</filter-name>
        <url-pattern>/*</url-pattern>
 </filter-mapping>

Restart the servers.

NOTE:Perform the above steps on each node of Identity Server.

For Access Gateway:

Click Devices > Access Gateways > Edit > Advanced Options.
Add the following Global Advanced Options:
- NAGGlobalOptions SameSiteCookie=on. This option sets SameSite=None to all Set-Cookie headers coming from Access Gateway.
- NAGGlobalOptions SameSiteOption SameSite=<input-string>. Instead of using the default value None for the SameSite value, you can set it to Lax or Strict. For example, NAGGlobalOptions SameSiteOption "SameSite=Strict” or NAGGlobalOptions SameSiteOption "SameSite=Lax".
(Optional) Click Devices > Access Gateways > Edit > [Name of Reverse Proxy] > [Name of Proxy Service] > Advanced Options.
Add the following options at proxy service level:
- NAGHostOptions SameSiteCookie=on
- NAGHostOptions SameSiteOption SameSite=<input-string>. <input-string> can be Strict or Lax.
  
  For more information about these options, see Access Gateway Advanced Options in the Access Manager 4.5 Administration Guide.