Cookie “rorCookie_oidc_kc2” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read Set-Cookie - HTTP | MDN
Very interesting, there might be some tweaks missing on the cookie side. I believe the fastest way to debug/fix this is right in your environment (because you are certainly able to reproduce it).
You can try adding some cookie optoins in this file:
Thank you for your answer. Unfortunately, what you proposed didn’t work.
I did a little experiment and ran a Keycloak instance with the same version (9.0.0) as our dev server’s and got the same error. So I think it has something to do with that.
We also recently sorted the “secure” and “sameSite” situation in ROR cookies in ROR Enterprise 1.35.0, and I would like to send you a pre build in private.