The purpose of this article is inform users of an upcoming change to Google Chrome in version 80 that may cause issues with authentication in Appian embedded interfaces. The current release date for Google Chrome version 80 is February 4, 2020. The default behavior change that introduces the potential issues with authentication in Appian embedded interfaces is expected to take effect the week of Feb 17, 2020.
After upgrading to Google Chrome version 80, embedded interfaces hosted on a different domain than Appian may experience authentication issues such as HTTP 401 unauthorized errors or a constant need for re-authentication.
e.g. If the embedded page domain is somedomain.net and Appian is hosted on somepage.somedomain.net, users will not experience any issues.
e.g. if the embedded page domain is somedomain.net and Appian is hosted on somepage.differentdomain.net, users may get a 401 error when trying to login to Appian on the embedded page.
In Google Chrome version 80, browser cookies for attribute 'SameSite' are treated as 'SameSite=Lax' by default if no SameSite attribute is specified. For more details about Google Chrome's implementation of this change, please see the Google Chrome Status page for this feature.
Appian is aware of this change and has made updates to all supported version of Appian to resolve any issues as a result of it via AN-142514 in the following hotfixes/versions:
Apply the latest hotfix to your Appian installation or upgrade to the latest version of Appian.
If embedded users authenticate using SAML, the SAML configurations will need the cookies sent from the Identity Provider to have the 'SameSite=None; Secure' attributes. Check with the Identity Provider for how to implement this change, if not already in place.
This article applies to all versions of Appian using Google Chrome version 80 and above as the web browser.
Last Reviewed: February 2020
© 2020 Appian. All rights reserved.