Siteminder and SameSite Cookie attribute


We are using CA Siteminder as our IdP and for SSO, which creates the SMSESSION cookie. It is also setting the SameSite=None and Secure attributes.

All browsers are cooperating except older versions of Safari (like 12.x). This seems to be a known issue. And CA has a documented fix for this with one of their patches.

We applied the samesiteincompatibleuseragents setting with the value of "browser=Safari|MajorVersion=[1-13]", which was the fix Broadcom (CA) is recommending.

But this fix doesn't seem to work.

Any ideas are welcome.


Solution

  • Well, after a couple of back-and-forth discussions with Broadcom, they told us that the version number specified for Safari is the WebKit version and not the browser version. We changed the setting to "browser=Safari|MajorVersion=[538-605]" to find the sweet spot.

    This setting worked for us.
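
The difference between the two rules can be checked against sample User-Agent strings. This is an added example, not Broadcom's matching code and not part of the original answer: it assumes, as the answer describes, that MajorVersion is compared with the major number after `AppleWebKit/` and that the bracketed range is inclusive. The names `ua_majors`, `parse_rule`, `rule_matches` and `matching`, and the sample strings, are constructed for illustration.

```python
import re

# Sample User-Agent strings, constructed for this example in the browsers' usual format.
SAMPLE_UAS = {
    "Safari 12 (macOS)": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Safari/605.1.15",
    "Safari 14 (macOS)": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Safari/605.1.15",
    "Chrome 80 (Windows)": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36",
}


def ua_majors(ua):
    """Return (webkit_major, browser_version_major); None where a token is absent."""
    webkit = re.search(r"AppleWebKit/(\d+)", ua)
    version = re.search(r"Version/(\d+)", ua)
    return (
        int(webkit.group(1)) if webkit else None,
        int(version.group(1)) if version else None,
    )


def parse_rule(rule):
    """Split 'browser=Safari|MajorVersion=[lo-hi]' into (browser, lo, hi)."""
    m = re.fullmatch(r"browser=(\w+)\|MajorVersion=\[(\d+)-(\d+)\]", rule)
    if m is None:
        raise ValueError(f"unrecognised rule: {rule!r}")
    return m.group(1), int(m.group(2)), int(m.group(3))


def rule_matches(rule, ua):
    """Assumed semantics: browser token appears in the UA and the WebKit
    major version lies inside the inclusive range."""
    browser, lo, hi = parse_rule(rule)
    webkit_major, _ = ua_majors(ua)
    return browser in ua and webkit_major is not None and lo <= webkit_major <= hi


def matching(rule):
    """Names of the sample UAs that the rule matches under the assumed semantics."""
    return [name for name, ua in SAMPLE_UAS.items() if rule_matches(rule, ua)]


if __name__ == "__main__":
    for rule in ("browser=Safari|MajorVersion=[1-13]",
                 "browser=Safari|MajorVersion=[538-605]"):
        print(rule, "->", matching(rule))
    for name, ua in SAMPLE_UAS.items():
        print(name, "WebKit/Version majors:", ua_majors(ua))
```

Under these assumptions the `[1-13]` range matches nothing because Safari 12 reports WebKit 605, while `[538-605]` also matches newer Safari releases that still report `AppleWebKit/605`. Chrome's `AppleWebKit/537.36` sits just below the lower bound, even though its User-Agent contains the `Safari` token.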