From 7c51afa36c4db2ba7742d4ba6655f78dfb354db2 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Tue, 6 Jul 2021 12:39:51 +0200
Subject: [PATCH] root: set samesite to None for SAML POST flows

Signed-off-by: Jens Langhammer
---
 authentik/root/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/authentik/root/settings.py b/authentik/root/settings.py
index d9977031c..638bcc169 100644
--- a/authentik/root/settings.py
+++ b/authentik/root/settings.py
@@ -203,7 +203,7 @@ DJANGO_REDIS_IGNORE_EXCEPTIONS = True
 DJANGO_REDIS_LOG_IGNORED_EXCEPTIONS = True
 SESSION_ENGINE = "django.contrib.sessions.backends.cache"
 SESSION_CACHE_ALIAS = "default"
-SESSION_COOKIE_SAMESITE = "lax"
+SESSION_COOKIE_SAMESITE = "None"
 SESSION_EXPIRE_AT_BROWSER_CLOSE = True
 MESSAGE_STORAGE = "authentik.root.messages.storage.ChannelsStorage"
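Review bot: `SESSION_COOKIE_SAMESITE = "None"` is a global setting, so the session cookie is now attached to every cross-site request and not only to the SAML POST binding named in the subject. That removes the browser-side SameSite layer of CSRF defence for the whole application and leaves the CSRF token checks as the only barrier; any view exempted from them is worth re-checking. Current browsers also reject a `SameSite=None` cookie that lacks the `Secure` attribute, and `SESSION_COOKIE_SECURE` is not visible in this hunk, so if it is not set elsewhere in settings.py, sessions may silently stop working over plain HTTP. I would confirm or add `SESSION_COOKIE_SECURE = True` next to this line and document the trade-off with a comment such as `# SameSite=None: session must survive cross-site SAML POST bindings; requires Secure and relies on CSRF tokens`.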