SSO samesite cookie policy needs to be disabled for it to work properly

I’ve configured my Auth0 application that will enable my sites to work with SSO, so the user doesn’t need to log in every time.

There’s a scenario where my site is shown inside an iframe on another site (mine too), but in order for it to work properly, I needed to disable the SAMESITE cookie policy.

Is this expected behavior?

Also, I configured an Enterprise connection with Auth0, and in order for it to work with SSO, I also had to configure the auth server to emit the session cookie with the SAMESITE policy disabled.

Hey there @somedude, are you seeing any error in the console or within the Auth0 Logs when the site is being displayed in the iframe? I am curious on this subject and would love to snag more details on what is going on. Thanks in advance!

In this case, there are no errors in the iframe console; it just gets stuck in a redirect loop, but when I disabled the SAMESITE cookie policy in the website that shows inside the iframe, it worked.

I’m going to try to test again today (because it’s been a while) and check the Auth0 logs and keep you posted.

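The behaviour described in the two posts above (a session cookie that the embedded site never receives, so the app keeps redirecting to the identity provider) follows directly from how browsers apply the `SameSite` attribute. "Disabling" the policy in practice means emitting the cookie as `SameSite=None; Secure`, which browsers require before they will send a cookie into a cross-site iframe; it also gives up the cross-site request protection that `Lax` provides, so the app then relies on its own CSRF defences (the OIDC `state` parameter, anti-CSRF tokens). The following Python is an added example written for this thread, not code from the poster or from Auth0: it models the browser's send decision for a cookie under `Strict`, `Lax` and `None`, builds a correct `Set-Cookie` header for the embedded case, and reproduces the redirect loop. The site names (`parent-site.example`, `embedded-app.example`) are constructed, and the modelled rules are the current defaults (unset `SameSite` treated as `Lax`; `None` rejected without `Secure`; `Lax` sent only on top-level navigations).

```python
"""Model of the browser SameSite rules that decide whether a session cookie
reaches a site embedded in a cross-site iframe (added example, not Auth0 code)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Cookie:
    name: str
    samesite: Optional[str]  # "Strict", "Lax", "None", or None when the attribute is absent
    secure: bool


@dataclass(frozen=True)
class Request:
    top_site: str               # registrable domain of the top-level page the user sees
    target_site: str            # registrable domain the request is sent to
    scheme: str                 # "https" or "http"
    top_level_navigation: bool  # False for iframe loads, subresources and XHR/fetch
    method: str = "GET"


def effective_samesite(cookie: Cookie) -> str:
    # Assumption: modern browser default, an unset attribute behaves as Lax.
    return cookie.samesite or "Lax"


def cookie_accepted(cookie: Cookie) -> bool:
    """Browsers refuse to store a SameSite=None cookie that is not also Secure."""
    return not (effective_samesite(cookie) == "None" and not cookie.secure)


def cookie_sent(cookie: Cookie, req: Request) -> bool:
    """Would the browser attach this cookie to the given request?"""
    if not cookie_accepted(cookie):
        return False
    if cookie.secure and req.scheme != "https":
        return False
    if req.top_site == req.target_site:
        return True  # same-site: every policy allows it
    policy = effective_samesite(cookie)
    if policy == "None":
        return True
    if policy == "Lax":
        # Lax cookies cross sites only on top-level navigations with safe methods,
        # which an iframe load never is.
        return req.top_level_navigation and req.method in ("GET", "HEAD")
    return False  # Strict: never on a cross-site request


def set_cookie_header(name: str, value: str, samesite: str, secure: bool = True) -> str:
    """Build the Set-Cookie header; the embedded case needs SameSite=None plus Secure."""
    if samesite == "None" and not secure:
        raise ValueError("SameSite=None requires the Secure attribute")
    parts = [f"{name}={value}", "Path=/", "HttpOnly", f"SameSite={samesite}"]
    if secure:
        parts.append("Secure")
    return "; ".join(parts)


def login_round_trips(cookie: Cookie, req: Request, max_rounds: int = 5) -> Optional[int]:
    """Simulate the app: no session cookie -> redirect to the IdP -> callback sets the
    cookie -> reload. Returns the round on which the app first sees its cookie, or
    None when it is still redirecting after max_rounds (the loop from the thread)."""
    jar_has_cookie = False
    for rounds in range(1, max_rounds + 1):
        if jar_has_cookie and cookie_sent(cookie, req):
            return rounds
        jar_has_cookie = cookie_accepted(cookie)  # callback response tries to set it
    return None


def demo() -> dict:
    # Constructed scenario: the app lives on embedded-app.example and is framed by
    # parent-site.example; same owner, but different registrable domains are cross-site.
    iframe_load = Request("parent-site.example", "embedded-app.example", "https", False)
    lax = Cookie("session", "Lax", True)
    none_secure = Cookie("session", "None", True)
    none_insecure = Cookie("session", "None", False)
    return {
        "lax_sent_in_iframe": cookie_sent(lax, iframe_load),
        "none_secure_sent_in_iframe": cookie_sent(none_secure, iframe_load),
        "none_insecure_sent_in_iframe": cookie_sent(none_insecure, iframe_load),
        "rounds_with_lax": login_round_trips(lax, iframe_load),
        "rounds_with_none_secure": login_round_trips(none_secure, iframe_load),
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
    print(set_cookie_header("session", "<opaque-id>", "None"))
```

Running `demo()` shows the Lax cookie is never sent into the frame (the login never settles), while `SameSite=None; Secure` is seen on the second round. The same model explains the Enterprise connection case in the first post: the upstream auth server's own session cookie is also being requested from inside a frame whose top-level site differs, so it needs the same attributes.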

Sounds great, let us know!
