jcandreu@ Thanks for the issue.

Tried this issue on Windows 7 and Mac OS 10.12.6 on the latest Stable 61.0.3163.100 and Canary 63.0.3236.0 following the below steps.

1. Launched Chrome and navigated to the given URL - github.com/Sustainsys/Saml2.
2. Downloaded the zip file and not sure how to proceed further to reproduce the issue.

Request you to please give us the precise steps to reproduce the issue and attach a screen cast for better understanding.

Thanks..

Having the same issue as jcandreu. To reproduce, quite a bit of work is necessary, but if you're willing to go through with it, you should be able to reproduce the issue, @susanjuniab. 

First of all, you will need Visual Studio 2017, the free community edition will do.

Step 3: Unzip the source you downloaded. 
Step 4: Open Samples/SampleAspNetCore2ApplicationNETFramework/Startup.cs and change the following line of code:

From this: 

new IdentityProvider(
                            new EntityId("http://localhost:52071/Metadata"), options.SPOptions)
                        {
                            LoadMetadata = true
                        });

To this:
 new IdentityProvider(
                            new EntityId(http://stubidp.kentor.se/Metadata"), options.SPOptions)
                        {
                            LoadMetadata = true
                        });


Or any other SAML2 supporting Identity provider. 
Then open the SampleAspNetCore2ApplicationNETFramework.csproj in Visual Studio if you have not already done so and run it. You can then access https://localhost:44342 with chrome. Navigate to login, choose Saml2, you will be redirected to the Identity Provider which will just use Sample Data. Just hit Login there again and an exception will occur if you're using Chrome. This won't happen in Microsoft Edge, for example, making me think it's a chrome issue.

Regard,
Eric

Thanks for posting the reproduction steps. I today I was planning to do so. (Owe you a beer).

I have a small question. Does this fails only with Kentor libraries? 

I'm almost 100% it's a chrome issue, since it works in other browsers. But this is not small thing. I'm not quite sure what's the core problem here.

Are you having the same problem as me? first post does not have the cookies set?  I'm not familiar with chrome source code, but if cookies work (because they do) but there is a case where they don't, it must be related to the temp redirect that happens when the Identity Provider redirects the user back to the website.

Thank you for providing more feedback. Adding requester "susanjuniab@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

I too believe it is a chrome issue, as far as I could trace it Sustainsys.Saml2 is doing what it is supposed to do. However, I think the reason this has come to light is the AspNetCore 2.0 implementation. Either .net Core 2.0 functionality is different enough from full framework (since I haven't heard of that issue with the "old" Kentor on netfx 4.61 so that this fails in Google Chrome, or Sustainsys' implementation has changed with the switch to .net core. Either way, it works just fine in multiple browsers, so it's likely chrome having a complicated bug.

It's normal SameSite cookies behavior due to the new defaults in ASP.NET Core 2, not a problem with Chrome. https://github.com/Sustainsys/Saml2/pull/822

Issue can be closed since Sustainsys Saml2 library now changed SameSite to SameSiteMode.None.

Thanks to all.

As per comment #7, closing this issue.