Configuring SAML security to allow Experience Manager in Chrome

To enable users to access Experience Manager on later versions of the Chrome browser, update the noHttpAuthenticationForUrls attribute in Content Manager's security settings to allow Experience Manager.

About this task

If you have implemented SAML authentication for Content Manager, users of Chrome version 80 and later may be blocked from accessing the Experience Manager user interface, and Chrome may also show a JavaScript error in its debug console.

Chrome 80 introduced a SameSite cookie classification, which blocks any cookies that are not labeled in a certain way. After this update, Chrome no longer classifies Experience Manager as safe. As a workaround, we recommend that you follow this procedure to configure Content Manager security so that SAML will not authenticate the Experience Manager URLs that allow editing content.

Procedure

  1. Access your Content Manager server.
  2. Go to the following location: %TRIDION_HOME%\config\
  3. Locate the Tridion.ContentManager.config file and rename it temporarily to Web.config.
  4. From a Windows command prompt, go to the same directory (%TRIDION_HOME%\config\) and run the following command to decrypt the tridion.security section of the file:
    %SYSTEMROOT%\Microsoft.NET\FRAMEWORK\VERSION\aspnet_regiis.exe -pdf "tridion.security" .
    where:
    • FRAMEWORK is the name of the framework folder, either Framework or Framework64
    • VERSION is the name of the version folder, for example v4.9.30319
  5. Open the file and locate the noHttpAuthenticationForUrls attribute.
  6. Add the following code block just after the existing one for |(.*\/SiteEdit\/Views\/Bootstrap\/.*):
    |(.*\/SiteEdit\/Views\/Content*)
  7. Save and close Web.config.
  8. Again from a Windows command prompt, run the following command to re-encrypt the tridion.security section of the file:
    %SYSTEMROOT%\Microsoft.NET\FRAMEWORK\VERSION\aspnet_regiis.exe -pef "tridion.security" . -prov TridionRsaProtectedConfigurationProvider

    where FRAMEWORK and VERSION are the same as in step 4.

  9. Rename Web.config back to Tridion.ContentManager.config.
  10. Go to the following server location: %TRIDION_HOME%\web\WebUI\Editors\SiteEdit\Views\Bootstrap
  11. Copy the Web.config file.
  12. Go up one level to %TRIDION_HOME%\web\WebUI\Editors\SiteEdit\Views\ and paste the copied Web.config file.
  13. Restart all SDL Tridion Sites Windows services associated with the Content Manager server.
  14. Restart IIS.
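
Because step 6 widens the set of URLs that skip SAML authentication, it is worth checking the edited value before re-encrypting it in step 8. The following PowerShell sketch is an added example, not part of the product or of the original procedure: it reads the noHttpAuthenticationForUrls attribute, confirms that the new alternative follows the Bootstrap one, and lists which request paths the value matches. It assumes the value is evaluated as an unanchored .NET regular expression (the page does not say how it is matched); the element name, the first alternative and all request paths are constructed placeholders.

```powershell
# Constructed sample: only the attribute name and the last two alternatives come
# from the page; the element name and the first alternative are placeholders.
$sampleConfig = @'
<tridion.security>
  <placeholderElement noHttpAuthenticationForUrls="(.*\/Placeholder\/.*)|(.*\/SiteEdit\/Views\/Bootstrap\/.*)|(.*\/SiteEdit\/Views\/Content*)" />
</tridion.security>
'@

function Get-NoAuthPattern {
    param([string]$ConfigXml)
    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($ConfigXml)
    # Attribute lookup by name, wherever it sits in the decrypted section.
    $attr = $doc.SelectSingleNode('//@noHttpAuthenticationForUrls')
    if ($null -eq $attr) {
        throw 'noHttpAuthenticationForUrls not found (is the section still encrypted?)'
    }
    return $attr.Value
}

function Test-NoAuthPattern {
    param([string]$Pattern, [string[]]$Paths)
    # Throws if the edited value is no longer a valid regular expression.
    # Assumption: unanchored .NET matching, as done by Regex.IsMatch.
    $regex = New-Object System.Text.RegularExpressions.Regex -ArgumentList $Pattern
    foreach ($p in $Paths) {
        [pscustomobject]@{ Path = $p; SkipsHttpAuth = $regex.IsMatch($p) }
    }
}

$pattern = Get-NoAuthPattern -ConfigXml $sampleConfig

# Step 6: the new alternative must directly follow the Bootstrap one.
$bootstrap = '|(.*\/SiteEdit\/Views\/Bootstrap\/.*)'
$added     = '|(.*\/SiteEdit\/Views\/Content*)'
if (-not $pattern.Contains($bootstrap + $added)) {
    Write-Warning 'Content alternative is missing or not placed after the Bootstrap alternative.'
}

# Constructed request paths used to review the scope of the exemption.
$paths = @(
    '/WebUI/Editors/SiteEdit/Views/Bootstrap/Sample.aspx',
    '/WebUI/Editors/SiteEdit/Views/Content/Sample.aspx',
    '/WebUI/Editors/SiteEdit/Views/ContentOther/Sample.aspx',
    '/WebUI/Editors/SiteEdit/Views/Dashboard/Sample.aspx',
    '/WebUI/Editors/Other/Views/Content/Sample.aspx'
)
Test-NoAuthPattern -Pattern $pattern -Paths $paths | Format-Table -AutoSize
```

To check the real file, pass the contents of Web.config (for example from Get-Content -Raw) to Get-NoAuthPattern while the section is decrypted, between steps 4 and 8.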