Cookies To Delete In Single Sign-On (SSO) SAML Using Active Directory as Identity Provider (IdP)
FYI:
- IF you are using Single Sign-On (SSO) SAML using Active Directory as the Identity Provider (IdP) with your Jama Connect instance (in our case Jama Connect Cloud)
- AND IF someone's having trouble logging into that instance
- AND IF you suspect the problem is a particular browser's session cookies
Below are the cookies you should try deleting from that browser session:
- sharepoint* (including sub-domains)
- live* (including sub-domains)
- microsoft* (including sub-domains)
- office* (including sub-domains)
- msauth* (including sub-domains)
- msft* (including sub-domains
- msn* (including sub-domains)
- azure* (including sub-domains)
- bing* (including sub-domains)
- *.ms (including sub-domains)
- auth0* (including sub-domains)
- jama* (including sub-domains)
I'm not 100% sure about every single one of those — but I'd rather delete those particular cookies than completely clear cookies.
Background:
Somehow the SSO cookies for JamaCloud got messed up on my Firefox browser. I'd try to get to JamaCloud — and it would throw this dialog at me:
When I would click the OK button, I'd get a 401 Unauthorized error, complaining about CSRF.
I could log in just fine in Firefox Private Browsing and elsewhere, so something was borked in my browser session.
After much guessing, I built the above list of cookies to delete…and finally I was able to log back into JamaCloud from my main Firefox browser session.
Passing this along in case anybody else gets stuck.