Updated: February 13, 2020

SecureAuth hotfix 200106_004_8 is specifically built to address the Chrome SameSite issue as discussed in this knowledge base article: SameSite cookie support and Chrome 80.

Scope

This hotfix is not cumulative and only addresses the SameSite cookie flag. No other changes are made by this hotfix. The change impacts virtually all cookies generated by the SecureAuth® Identity Platform and SecureAuth IdP products by adding the SameSite=None flag to them.

Version support

The hotfix update applies to the following SecureAuth IdP and the Identity Platform product versions: 

  • 9.1
  • 9.2
  • 9.3
  • 19.07
  • 19.07.01

Prerequisites

The Microsoft updates that support the SameSite flag for the specific Windows Server version and .NET version must be installed on your appliance prior to installation of the SecureAuth hotfix.

Instructions on how to determine which .NET version is installed on your appliance: https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed

Installation of the Microsoft update requires a system reboot.

Microsoft Security and Quality Rollup for .NET Framework updates

December 2019 Patch Tuesday updates

Windows Server version    .NET 4.6-4.7.2    .NET 4.8
2012                      4533010           4533003
2012 R2                   4533011           4533004
2016                      4530689           4532997

January 2020 Patch Tuesday updates

Windows Server version    .NET 4.6-4.7.2                    .NET 4.8
2012                      N/A                               N/A
2012 R2                   N/A                               N/A
2016                      KB4534271 (see note below) **     KB4532933 (see note below) **

Windows Server 2016 ** 

Microsoft has released multiple updates for Windows Server 2016 that supersede KB4534271 and KB4532933.

KB4534271 superseded by:            KB4532933 superseded by:
KB4534307 – January 22, 2020        KB4534126 – January 22, 2020
KB4537764 – February 10, 2020       KB4534126 – February 6, 2020

If you have installed any of the Microsoft updates listed in the table above for Windows Server 2016, the installer will not detect whether the requisite Microsoft update is installed.

Use the -override switch to skip the Microsoft update check.

Windows Server 2008 R2

Windows Server 2008 R2 is no longer supported; the hotfix installer has not been tested on that platform. For 2008 R2, the .NET 4.6-4.7.2 update is 4533012 and the .NET 4.8 update is 4533005.

Installation

It is recommended to install the hotfix on the server when it is offline / out of service. However, it can technically be run on a live server.

Installation of the Microsoft update requires a system reboot; the SecureAuth hotfix does not.

  1. Download this hotfix: HF200106_004_8
  2. Place the file in a temporary folder on the D: drive of your SecureAuth appliance. 
  3. Recommended: Take a snapshot of the SecureAuth appliance. 
  4. Run the HF200106_004_8 executable file as an Administrator. 
    The application runs silently and typically completes within 30 seconds. 
    The installation will abort with a message indicating the reason if any of the following occur:
         – The prerequisite Microsoft update is not installed
         – Identity Platform/SecureAuth IdP customizations in conflict with this hotfix
    Otherwise, a message displays indicating that the installation is complete.
    No reboot or IISRESET is required. 
  5. Test your applications, and then put the server back into production. 
  6. Repeat this process for all servers in your farm. 
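
For step 5, one way to confirm the flag on a patched server is to audit the Set-Cookie header values returned by a login page. The following is an added example, not SecureAuth code: the cookie names and header values are constructed samples, and the Secure check reflects Chrome 80's rule that a SameSite=None cookie is only accepted when it is also marked Secure.

```python
# Added example: audit Set-Cookie header values for the SameSite=None flag.
# Cookie names and values below are constructed, not captured appliance output.

def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, {attribute: value})."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()  # attribute names are case-insensitive
    return name, attrs


def audit_cookie(header_value):
    """Return a list of findings for one Set-Cookie value; empty means OK."""
    name, attrs = parse_set_cookie(header_value)
    findings = []
    samesite = attrs.get("samesite")
    if samesite is None:
        findings.append(f"{name}: no SameSite attribute")
    elif samesite.lower() != "none":
        findings.append(f"{name}: SameSite={samesite}, expected None")
    elif "secure" not in attrs:
        # Chrome 80 rejects SameSite=None cookies that are not marked Secure.
        findings.append(f"{name}: SameSite=None without Secure")
    return findings


def audit_response(set_cookie_values):
    """Audit every Set-Cookie value from one HTTP response."""
    return [f for value in set_cookie_values for f in audit_cookie(value)]


# Constructed sample headers (hypothetical cookie names and values).
SAMPLE_HEADERS = [
    "example_session=abc123; path=/; secure; HttpOnly; SameSite=None",
    "example_prefs=lang-en; expires=Fri, 12 Feb 2021 10:00:00 GMT; path=/",
    "example_token=xyz; Path=/; SameSite=None",
    "example_legacy=1; path=/; Secure; SameSite=Lax",
]

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_HEADERS):
        print(finding)
```

Because the hotfix covers virtually all cookies rather than every one, treat a "no SameSite attribute" finding as something to review, not as proof that the installation failed.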

Troubleshooting

See the following troubleshooting issues. If you have any other issues, please contact SecureAuth Support.

Aborted installation

If the installation aborts due to finding customizations, check the logs (located in the same folder as the hotfix) and contact SecureAuth Support. 

This hotfix was specifically designed to avoid customizations.  It is very unlikely that the hotfix will encounter any customization conflicts. 

Rollback

If, for any reason, you want to roll back this hotfix, revert to your snapshot (see step 3 of the installation procedure) or run the following command:

HF200106_004_8.exe -uninstall

Override hotfix and customization check

If it is determined that the customized files are not used or needed, this hotfix can be installed and will overwrite those files. In addition, if Microsoft releases a new patch with the SameSite fixes that is not known to the installer (as documented in the Microsoft Security and Quality Rollup for .NET Framework updates section), this option can be used to override the Microsoft update check. Use the following command:

HF200106_004_8.exe -override
