Safari v18 Update Impacts SSO

Safari Upgrade 18 Impacts SSO Application Launches in RapidIdentity Cloud

The recent release of Safari 18, distributed with the iOS 18 and macOS Sequoia 15 upgrade impacts SSO application launches on iOS and macOS devices in RapidIdentity Cloud.

According to Apple’s Safari 18.0 Release Notes, the upgrade resolves issue 109358563 and has “Fixed incorrect Sec-Fetch-Site value for navigation of a nested document” and causes a security error in RapidIdentity as the Sec-Fetch-Site value returned by Safari is not the expected value for the Cross-Origin Resource Sharing state during launch.

IMPACT

Although specific to Safari 18, this upgrade also affects Chrome and Firefox browsers running on iOS 18 devices launching SSO applications from RapidIdentity Cloud in the Enterprise View. SSO application launches from RapidIdentity LTS and RapidIdentity Cloud in the GO! View using Safari 18, Chrome or Firefox are not affected.

This issue appears to only affect macOS Sequoia 15 users in Safari 18, Chrome does not appear to be impacted on macOS Sequoia 15 devices.

Users affected by the Safari 18 upgrade will receive a “Request is Invalid” error when launching an SSO Application from RapidIdentity Cloud in the Enterprise View. Users can refresh/reload the page to successfully open the application.

Identity Automation is actively pursuing a resolution to the Cross-Origin Resource Sharing change introduced in Safari 18 at this time. Given the security implications and  inconsistent behavior between browsers on different Apple devices, all proposed resolutions must be thoroughly evaluated and tested prior to implementation to assure the continued successful operation with other operating systems and browsers.  

Customers are advised to subscribe to https://status.identityautomation.com/ for continued updates on this issue.