Field Notice: FN - 70512 - Chrome 80 Breaks Cisco Finesse Single Sign-On APIs for Third-Party Integrations - Software Upgrade Recommended

Available Languages

Updated:March 30, 2020

Document ID:FN70512

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Notice

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

Revision	Publish Date	Comments
1.0	30-Mar-20	Initial Release

Products Affected

Affected OS Type	Affected Software Product	Affected Release	Affected Release Number	Comments
NON-IOS	Finesse Software	12	12.0(1)

Defect Information

Defect ID	Headline
CSCvs73491	Chrome 80 breaks Cisco Finesse Single Sign-On APIs for third-party integrations

Problem Description

Google Chrome 80, which was released by Google in February 2020, changes the default behavior of cookies in cross-domain scenarios (SameSite).

chrome://flags/#same-site-by-default-cookies Default will be Enabled

https://blog.chromium.org/2019/10/developers-get-ready-for-new.html

This change in Google Chrome breaks the Cisco Finesse Single Sign-On implementation for third-party integrations.

Our connector is loaded in an iframe within a different domain and uses the Cisco Finesse Single Sign-On APIs to fetch and refresh a Finesse Rest API access token. Cisco Finesse does not set the SameSite attribute on their SSO token cookies. In Chrome 80, the default behavior for cookies that do not have a SameSite attribute changes from 'None' to 'Lax'. Therefore the cookies are no longer sent in a cross-domain request. However, this is required for third-party integration.

IDS should set the SameSite attribute to 'None' in order to maintain this functionality.

Background

Chrome 80 changes the default value for the Samesite cookie attribute from 'None' to 'Lax'. The result is that the browser does not send cookies without the SameSite attribute in many cross-site request scenarios.

Status tracking for this Chrome feature can be found here:

https://www.chromium.org/updates/same-site

https://www.chromestatus.com/feature/5088147346030592

Problem Symptom

Upgrade Chrome to version 80 on Client Machine connecting to Finesse 11.6 or 12.0 or 12.5 with IDS

Workaround/Solution

https://software.cisco.com/download/home/283613135/type/284259728/release/12.0(1)ES3

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

My Notifications—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)

This Document Applies to These Products

Finesse