I’m trying to <iframe> my WordPress site which is using miniOrange SAML 2.0 SSO together with Azure AD.
The <iframe> simply shows up as a gray page. When I look at the network tab in Chrome, I can see that there is a redirect loop. The site works when I visit it through it’s URL, but it does not work as a <iframe>.
I can see that the set-cookie header for the WP-login fails due to missing SameSite attribute.
Is it possible somehow to add a SameSite attribute to the set-cookie header?