SAP Knowledge Base Article - Public

2878311 - Login after Chrome80 SameSite by default - Secure Cookie Settings change

Symptom

SuccessFactors Adoption of SameSite to support Secure Cookie Settings change

Environment

SAP SuccessFactors HXM Suite

Cause

Beginning Feb 4th 17th(New date announced), 2020, Google’s Chrome Browser version 80 (“Chrome 80”) is introducing new parameters to make the browser more secure, specifically for cross-site navigation and access. Below are links to Chrome’s overall release schedule and details on the work that they are doing, which is specific to the security improvements.

Resolution

The updates in Chrome 80 requires changes to be made to SuccessFactors’ code to ensure that the application works properly when run on Chrome 80.  SuccessFactors will patch these code changes on Feb 2nd, 2020.

How does it impact me? 

SuccessFactors has identified areas of impact, if the requisite code changes are not made and deployed by February 4th, 2020. These include access to some SuccessFactors Applications and some 3rd party (non-SuccessFactors) applications, including but not limited to:

  1. Learning Management System
  2. Workforce Analytics Application
  3. Jam Application when accessed from Home Page
  4. Recruiting Marketing application
  5. Workforce and Benefit Focus applications
  6. Any SuccessFactors application when accessed from customer company portal via an i-frame

What action should I take?

With the patch getting deployed on February 2nd, we expect no impact to end users.

If a user cannot access any of the applications (listed above or others) when using SuccessFactors application in Chrome Browser, please notify through the standard support process. As a workaround, a user can use any other browser to continue to use these applications.

*For Employee Central customers using Mashups

Please refer to KBA 2887555 - Google Chrome 80: Issues when using mashups in SuccessFactors Employee Central

*For Validated Learning customers only

Additional fix will be needed and will be added to the current 1808 patch 27 release and redeployed to your environments on the schedule below:

  • Sandbox Environment – February 6, 2020
  • Preview Environment – February 9, 2020

This will allow you to continue validation of the current patch 27 without alteration of the planned Production Environment schedule of February 22, 2020.  Until that date, it is advised that Validated SaaS customers either delay upgrade of their Chrome browser to the latest version (80), use a different browser other than the latest version (80) of Chrome to access the LMS, or follow the steps below to update the Chrome 80 browser settings which will allow for continued operation.

How disable SameSite by Default?

  1. Type “chrome://flags” in the URL
  2. Search for “SameSite”
  3. Change “SameSite by default cookies” to Disabled
  4. Change “Cookies without SameSite must be secure” to Disabled
  5. Click the “Relaunch” button

Keywords

PLT-75905, Chrome80, SameSite, SameSite=None, SSO, Cookies, Secure, Single-Sing On, Validated Learning , KBA , LOD-SF-PLT-SEC , Security & Permissions , LOD-SF-PLT-SEL , SSO Errors & Logs , LOD-SF-PLT-SAM , SAML SSO First Time Setup , Product Enhancement

Product

SAP SuccessFactors HXM Suite 1911 ; SUCCESSFACTORS BIZX SUITE 2005