# SameSite hotfix installation instructions

Updated: February 14, 2020

SecureAuth hotfix 200106_004_8 is specifically built to address the Chrome SameSite issue as discussed in this knowledge base article: SameSite cookie support and Chrome 80.

## Scope

This hotfix is not cumulative, and only addresses the SameSite cookie flag. No other changes are made by this hotfix. The change impacts virtually all cookies generated by the SecureAuth® Identity Platform and SecureAuth IdP products by adding the flag: SameSite=None to all cookies.

## Version support

The hotfix update applies to the following SecureAuth IdP and the Identity Platform product versions:

• 9.1

• 9.2

• 9.3

• 19.07

• 19.07.01

## Prerequisites

The Microsoft updates that support the SameSite flag for the specific Windows Server version and .NET version must be installed on your appliance prior to installation of the SecureAuth hotfix.

Instructions on how to determine which .NET version is installed on your appliance: https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed.

### Important

Installation of the Microsoft update requires a system reboot.

## Microsoft Security and Quality Rollup for .NET Framework updates

### December 2019 Patch Tuesday updates

Windows Server version

.NET 4.6-4.7.2

.NET 4.8

2012

4533010

4533003

2012 R2

4533011

4533004

2016

4530689

4532997

### January 2020 Patch Tuesday updates

Windows Server version

.NET 4.6-4.7.2

.NET 4.8

2012

N/A

N/A

2012 R2

N/A

N/A

2016

KB4534271 (see note below) **

KB4532933 (see note below) **

### Important

Windows Server 2016 **

Microsoft has released multiple updates for Windows Server 2016 that supersede KB4534271 and KB4532933.

KB4534271 superseded by:

KB4532933 superseded by:

KB4534307 – January 22, 2020

KB4534126 – January 22, 2020

KB4537764 – February 10, 2020

KB4534126 – February 6, 2020

If you have installed any of the Microsoft updates listed in the table above for Windows Server 2016, the installer will not detect whether the requisite Microsoft update is installed.

Use the -override switch to skip the Microsoft update check.

Windows Server 2008 R2

Windows Server version 2008 R2 is no longer supported; the hotfix installer has not been tested on that platform. The .NET 4.6-4.7.2 update is 4533012 and 4.8 update for 2008 R2 is 4533005.

## Installation

It is recommended to install the hotfix on the server when it is offline / out of service. However, It can technically be run on a live server.

### Important

Installation of the Microsoft update requires a system reboot, however, the SecureAuth hotfix does not.

2. Place the file in a temporary folder on theD:drive of your SecureAuth appliance.

3. Recommended: Take a snapshot of the SecureAuth appliance.

4. Run the HF200106_004_8 executable file as an Administrator.

The application runs silently and typically completes within 30 seconds.

The installation will abort with a message indicating the reason if any of the following occur:

– The prerequisite Microsoft update is not installed

– Identity Platform/SecureAuth IdP customizations in conflict with this hotfix

Otherwise, a message displays indicating that the installation is complete.

No reboot or IISRESET is required.

5. Test your applications, and then put the server back into production.

6. Repeat this process for all servers in your farm.

## Troubleshooting

### Aborted installation

If the installation aborts due to finding customizations, check the logs (located in the same folder as the hotfix) and contact SecureAuth Support.

### Important

This hotfix was specifically designed to avoid customizations. It is very unlikely that the hotfix will encounter any customization conflicts.

### Rollback

If for any reason, you want to rollback this hotfix, revert to your snapshot (see step 3 of the installation procedure) or run the following command:

HF200106_004_8.exe -uninstall

### Override hotfix and customization check

If it is determined that the customized files are not used or needed, this hotfix can be installed and will overwrite those files. In addition, if Microsoft releases a new patch with the SameSite fixes that is not known to the installer (as documented in the above section Microsoft Security and Quality Rollup for .NET Framework updates), this option can be used to override the Microsoft update check. Use the following command:

HF200106_004_8.exe -override