LemonLDAP session cookie - SameSite attribute
Chrome 80 will consider cookies as "Samesite=Lax" by default. This is an issue using applications protected by LemonLDAP included into iframes. We need to have the ability to set the SameSite attribute of session cookies to "None".
Usecase: MyDomain is SP, and is included as an iframe in Domain2 website (SP) -> SSO broken (infinite loop), because LemonLDAP session cookie does not have the SameSite attribute, so the session cookie is not sent
To upload designs, you'll need to enable LFS. More information