Feature: Remove Auth0 Internal Cookie Requirement During SSO
We are hosting a multi-tenant solution that authenticates users through Auth0. Our users will be logged into many different websites with different URLs. They will click a link that initiates a SAML SSO IdP-Initiated assertion to a SAML Connection/Authentication at Auth0.
This occurs inside of an iframe, and the domain of the surrounding frame must be different than the Auth0 domain. Since the domain of the iframe cannot match the domain of our Auth0 tenant, Safari Intelligent Tracking Prevention will delete/not set any cookies that are set by Auth0.
The error is occurring when Auth0 is internally redirecting between these two URLs:
Because the Auth0 instance is in a cross-site iframe, Safari ITP is blocking and not persisting the following two cookies:
Since the Auth0 cookies are not persisted, Auth0 shows an error page saying that state has been lost.
Tracked as a support ticket as well: Auth0 Support Center