From 5350fee90d4982d51d862d41f23bcff5d2829469 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma <roeland@famdouma.nl>
Date: Mon, 17 Dec 2018 12:50:32 +0100
Subject: [PATCH] Fix SAML Client login flow on Apple devices

Because the redirect from the SAML/SSO endpoint is a POST the lax/strict
cookies are not properly send.

Note that it is not strictly requried on this endpoint as we do not need
the remember me data. Only the real session info is enough. The endpoint
is also already protected by a state token.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
---
 core/Controller/ClientFlowLoginController.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php
index 83bd9faa6c724..7fb89f5ff8222 100644
--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@@ -207,6 +207,7 @@ public function showAuthPickerPage($clientIdentifier = '') {
 	/**
 	 * @NoAdminRequired
 	 * @NoCSRFRequired
+	 * @NoSameSiteCookieRequired
 	 * @UseSession
 	 *
 	 * @param string $stateToken