I’m trying to <iframe>
my WordPress site which is using miniOrange SAML 2.0 SSO together with Azure AD.
The <iframe>
simply shows up as a gray page. When I look at the network tab in Chrome, I can see that there is a redirect loop. The site works when I visit it through it’s URL, but it does not work as a <iframe>
.
I can see that the set-cookie header for the WP-login fails due to missing SameSite attribute.

Is it possible somehow to add a SameSite attribute to the set-cookie header?