This requires editing: context.xml, web.xml and server.xml, on your server in the server configuration (Server/conf) directory. The rollout of Chromium update 80 has changes the requirements of the same-site authorization. Some changes will need to be made in order to prevent interruptions to your iDashboards.
Additional Reading:
Get Ready for New SameSite=None; Secure Cookie Settings
SameSite Frequently Asked Questions (FAQ)
Will I be affected?
This change will only affect users that are embedding iDashboards via iFrame from a different domain example: idashboards.com/idashboards to mywebsite.com/idashbords. The symptoms will be the page not loading, or getting stuck on a loop trying to login. Or the iDashboards frame loading but no dashboards will be available to select. SSL Certificates for cross-domain access is mandatory.
Testing with Chrome
Open your browser and open the developer tools screen. You can do this by clicking the three dots in the top left next to your profile image. Go to More Tools and select Developer Tools. Select Application for the top menu then go to the menu on the left and expand Cookies you should see the sites your working with.
Shortcuts: Chrome and New Edge ctrl+shift+I
You may also turn off the same-site by default setting in chrome for testing. In the browser URL put the following:
chrome://flags/#same-site-by-default-cookies
Set to Disable
chrome://flags/#cookies-without-same-site-must-be-secure
Set to Disable
Click Relaunch at the bottom of the screen.
Resolution
The first thing will be to update Tomcat. Version Tomcat 9.0.28 and greater and 8.5.48 and greater contains the patch we need (This also might require an update to Java as well). You can find your Tomcat and Java versions by exporting a log from iDashboards from the Admin section of iDashboards. Open the iDashboards.log file, look for the following section logServerInfo(): Server Info: Apache Tomcat this will indicate what version of tomcat you are running. example: logServerInfo(): Server Info: Apache Tomcat/9.0.37 at the same time you can check the java version SYSTEM PROPERTY: java.version=1.8.0_275
If your Tomcat needs upgrading you can reach out to the Technical support team for assistance.
Having the correct version of Tomcat you can move forward with the Tomcat modifications. Access the Tomcat directory config files (idashboards_srv/server/config). The two files we will be editing will be web.xml and context.xml.
Note: If you are hosting other applications on your Tomcat server you might need to add the following changes to the context.xml into the idashboards/META-INF/ directory path to prevent altering the cookie handling of other applications. Please consult the iDashboards Technical Support Team before doing so.
In the context.xml add the following line between <context> </context> tags.
<CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor" sameSiteCookies="none" />
In the web.xml we will need to scroll down and find the session-config section past the highlighted section between the <session-config> </session-config> tags. Be sure to leave the session timeout alone.
<session-config> <cookie-config> <http-only>true</http-only> <secure>true</secure> </cookie-config> <session-timeout>30</session-timeout>
</session-config>
After the changes are made and the SSL certificate is in place you can restart the Tomcat \ iDashboards service (iDashboardsSRV). Now when you go to the site you should see Secure checked and SameSite set to None.
Safari Users
If you are still having issues after this, please go into your Safari Privacy Settings and change the following default setting:
For Mac Users
-
Open Safari if it is not already open
-
Click the Safari menu and choose Preferences and then Privacy
-
Depending on your version of OS: Click Prevent Cross-Site Tracking to disable this setting
For Mobile Apple Users
-
Go to Settings
-
Click on Safari
-
Privacy & Security
-
Turn the toggle Prevent Cross-Site Tracking to OFF
If the above is unable to resolve the issue, then please contact iDashboards Support for further assistance.
Comments
0 comments
Please sign in to leave a comment.