Enabling partitioned cookies
The Partitioned attribute allows cookies to always be readable within the same context.
About this task
Google Chrome has announced they are deprecating third-party cookies in 2024. This change might break PingFederate use cases based on iframe-based login widgets.
You can enable the Partitioned attribute for cookies set by PingFederate. This ensures that, when a cookie is created in a given context (such as an application using an embedded login widget), the cookie will continue to be readable within that same context.
This feature is controlled with a config-store file called global-cookie-config.xml, and is disabled by default.
Steps
- Go to <PF_installation>/server/default/data/config-store/global-cookie-config.xml.
- Change the enable-partitioned-cookies value to true.
  The file should now look like the following.
<?xml version="1.0" encoding="UTF-8"?>
<c:config xmlns:c="http://www.sourceid.org/2004/05/config">
    <c:item name="enable-partitioned-cookies">true</c:item>
    <!--Partitioned cookie incompatible User-Agent exclusion list each listItem must be regex targeting specific User-Agent(s)-->
    <c:list name="partitioned-cookies-user-agent-exclusion"></c:list>
</c:config>
- Optional: Alternatively, you can make this change with the following REST call to PingFederate’s administrative API.
  curl -u <username:password> -X 'PUT' \
    'https://<PF_host>/pf-admin-api/v1/configStore/global-cookie-config/enable-partitioned-cookies' \
    -H 'accept: application/json' \
    -H 'Content-Type: application/json' \
    -H 'X-XSRF-Header: PingFederate' \
    -d '{"id": "enable-partitioned-cookies", "type": "STRING", "stringValue": "true"}'
- Depending on the clustering mode of your deployment, either:
  - In a standalone environment, restart PingFederate.
  - In a clustered environment, replicate the PingFederate configuration.
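One way to confirm the change took effect after the restart or replication, as an added example that is not part of the PingFederate documentation: audit the Set-Cookie headers of a captured response for the Partitioned attribute. It assumes the browser rules for partitioned cookies (a Partitioned cookie without Secure is rejected, and SameSite=None is needed for the cookie to be sent from a cross-site iframe); the cookie names and values in the sample are constructed.

```python
"""Audit Set-Cookie headers for the Partitioned attribute (added example)."""


def verdict(flags: dict) -> str:
    """Classify one cookie from its lower-cased attribute map."""
    if "partitioned" not in flags:
        return "not-partitioned"
    if "secure" not in flags:
        # Browsers reject a Partitioned cookie that lacks Secure.
        return "rejected-missing-secure"
    if flags.get("samesite") != "none":
        # Stored, but not sent from an embedded cross-site iframe.
        return "not-sent-cross-site"
    return "ok"


def audit_headers(raw_headers: str) -> dict:
    """Return {cookie name: verdict} for every Set-Cookie line in a header block."""
    results = {}
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        pair, *attrs = value.split(";")
        flags = {}
        for attr in attrs:
            key, _, val = attr.partition("=")
            flags[key.strip().lower()] = val.strip().lower()
        results[pair.partition("=")[0].strip()] = verdict(flags)
    return results


# Constructed sample response headers; cookie names and values are made up.
SAMPLE = """\
HTTP/1.1 200 OK
Set-Cookie: SESSION_A=abc123; Path=/; Secure; HttpOnly; SameSite=None; Partitioned
Set-Cookie: SESSION_B=def456; Path=/; HttpOnly; SameSite=None; Partitioned
Set-Cookie: SESSION_C=ghi789; Path=/; Secure; HttpOnly; SameSite=None
Set-Cookie: SESSION_D=jkl012; Path=/; Secure; SameSite=Lax; Partitioned
Content-Type: text/html
"""

if __name__ == "__main__":
    for name, result in audit_headers(SAMPLE).items():
        print(f"{name}: {result}")
```

To run it against a live deployment, replace SAMPLE with response headers you captured yourself, for instance from the browser's developer tools.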