Behind the Blackboard! Chrome 80 Update Same Site cookie restrictions break SAML login cookie - Behind the Blackboard Skip Navigation
Download PDF  Icon Download PDF    Print article

Chrome 80 Update Same Site cookie restrictions break SAML login cookie

Date Published: Feb 13,2020


CategoryPlanned First Fix Release:SaaS - v3800.2.0,Learn 9.1, 3900.0.0 Release; Product:Application and Webserver; Version:Learn 9.1 Q4 2019 (3800.0.0),Learn 9.1 Q4 2017 (3300.0.0),Learn 9.1 Q2 2018 (3400.0.0),Learn 9.1 Q4 2018 (3500.0.0),Learn 9.1 Q2 2019 (3700.0.0),SaaS
Article No.: 000056767
Product:
Blackboard Learn
Release:
9.1;SaaS
Service Pack(s):
Learn 9.1 Q4 2019 (3800.0.0), Learn 9.1 Q4 2017 (3300.0.0), Learn 9.1 Q2 2018 (3400.0.0), Learn 9.1 Q4 2018 (3500.0.0), Learn 9.1 Q2 2019 (3700.0.0), SaaS
Description:
On February 4, 2020 Google released Chrome 80.  Testing has shown Chrome 80 affects SAML authentication, causing user login to fail.
Steps to Repeat:
  1. Install Chrome beta release to v80
    • https://www.chromium.org/getting-involved/dev-channel
  2. Open chrome://flags/ to change experimental features
  3. Enable "SameSite by default cookies" and "cookies without SameSite must be secure" (these are the two changes Google is going to enable by default in v80)
  4. Go to Blackboard Learn
  5. Select the 3rd party dropdown to login via SAML
  6. Attempt to log in with SAML user
 
Expected Behavior:
The login is successful.

Observed Behavior:
The login fails.


 

Symptoms:

Note:  Chrome has a temporary exception to this new rule if the cookie in question is under 2 minutes old.  If you access the Learn site for the first time (no existing cookies), your login may succeed.  To replicate, wait two minutes, log out and log back in.  Blackboard will attempt to re-use the existing cookie, which will now be old enough to get stripped by the new rule.


Firefox also plans on rolling out the same change, but we do not yet know when this change will occur: Related Support Bulletins:


Resolution/Workaround:

Use a different Browser:
  • Mozilla Firefox 
  • Microsoft Edge


Target Release:

Learn 9.1, 3900.0.0

SaaS - Fixed (v3800.2.0)

Patch Available:

Yes

Patch Versions:

Learn 9.1 Q2 2019;Learn 9.1 Q4 2018;Learn 9.1 Q2 2018 (3400.0.0-rel.44+9fb1e0e)

Patch Information:

Updates to resolve this issue are available for the following release(s):
 
ReleaseCUPDATEUpdate Access
Learn 9.1 Q2 2018CU15Access via installer in Cumulative Update 15 for Blackboard Learn, 9.1 Q2 2018 - Article #52013
Learn 9.1 Q4 2018CU10Access via installer in Cumulative Update 10 for Blackboard Learn, 9.1 Q4 2018 - Article #52014
Learn 9.1 Q2 2019CU7Access via installer in Cumulative Update 7 for Blackboard Learn, 9.1 Q2 2019 - Article #52015
Learn 9.1 Q4 2019CU1Access via installer in Cumulative Update 1 for Blackboard Learn, 9.1 Q4 2019 - Article #52021




The information contained in the Knowledge Base was written and/or verified by Blackboard Support. It is approved for client use. Nothing in the Knowledge Base shall be deemed to modify your license in any way to any Blackboard product. If you have comments, questions, or concerns, please send an email to kb@blackboard.com. © 2022 Blackboard Inc. All rights reserved