wso2-extensions · Thisara-Welmilla · Oct 19, 2023 · Oct 16, 2023 · Oct 18, 2023
diff --git a/....saml/src/main/java/org/wso2/carbon/identity/sso/saml/servlet/SAMLSSOProviderServlet.java b/....saml/src/main/java/org/wso2/carbon/identity/sso/saml/servlet/SAMLSSOProviderServlet.java
@@ -1503,11 +1503,21 @@ private void storeTokenIdCookie(String sessionId, HttpServletRequest req, HttpSe
         if (IdentityTenantUtil.isTenantedSessionsEnabled() &&
                 sessionId.endsWith(SAMLSSOConstants.TENANT_QUALIFIED_TOKEN_ID_COOKIE_SUFFIX)) {
             if (loggedInTenantDomain != null) {
-                samlssoTokenIdCookie.setPath(FrameworkConstants.TENANT_CONTEXT_PREFIX + loggedInTenantDomain +
-                        SAMLSSOConstants.COOKIE_ROOT_PATH);
+                if (!IdentityTenantUtil.isSuperTenantRequiredInUrl() &&
+                        MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(loggedInTenantDomain)) {
+                    samlssoTokenIdCookie.setPath(SAMLSSOConstants.COOKIE_ROOT_PATH);
+                } else {
+                    samlssoTokenIdCookie.setPath(FrameworkConstants.TENANT_CONTEXT_PREFIX + loggedInTenantDomain +
+                            SAMLSSOConstants.COOKIE_ROOT_PATH);
+                }
             } else {
-                samlssoTokenIdCookie.setPath(FrameworkConstants.TENANT_CONTEXT_PREFIX + tenantDomain +
-                        SAMLSSOConstants.COOKIE_ROOT_PATH);
+                if (!IdentityTenantUtil.isSuperTenantRequiredInUrl() &&
+                        MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
+                    samlssoTokenIdCookie.setPath(SAMLSSOConstants.COOKIE_ROOT_PATH);
+                } else {
+                    samlssoTokenIdCookie.setPath(FrameworkConstants.TENANT_CONTEXT_PREFIX + tenantDomain +
+                            SAMLSSOConstants.COOKIE_ROOT_PATH);
+                }
             }
             isTenantQualifiedCookie = true;
         } else {
@@ -1560,8 +1570,14 @@ public void removeTokenIdCookie(HttpServletRequest req, HttpServletResponse resp
                     boolean isTenantQualifiedCookie = false;
                     if (IdentityTenantUtil.isTenantedSessionsEnabled() && cookie.getValue() != null &&
                             cookie.getValue().endsWith(SAMLSSOConstants.TENANT_QUALIFIED_TOKEN_ID_COOKIE_SUFFIX)) {
-                        samlSsoTokenIdCookie.setPath(FrameworkConstants.TENANT_CONTEXT_PREFIX + loggedInTenantDomain +
-                                SAMLSSOConstants.COOKIE_ROOT_PATH);
+
+                        if (!IdentityTenantUtil.isSuperTenantRequiredInUrl() &&
+                                MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(loggedInTenantDomain)) {
+                            samlSsoTokenIdCookie.setPath(SAMLSSOConstants.COOKIE_ROOT_PATH);
+                        } else {
+                            samlSsoTokenIdCookie.setPath(FrameworkConstants.TENANT_CONTEXT_PREFIX + loggedInTenantDomain
+                                    + SAMLSSOConstants.COOKIE_ROOT_PATH);
+                        }
                         isTenantQualifiedCookie = true;
                     } else {
                         samlSsoTokenIdCookie.setPath(SAMLSSOConstants.COOKIE_ROOT_PATH);

diff --git a/pom.xml b/pom.xml
@@ -457,7 +457,7 @@
     <properties>
         <carbon.kernel.version>4.9.10</carbon.kernel.version>
         <carbon.kernel.feature.version>4.9.0</carbon.kernel.feature.version>
-        <carbon.identity.framework.version>5.25.380</carbon.identity.framework.version>
+        <carbon.identity.framework.version>5.25.406</carbon.identity.framework.version>
         <carbon.identity.framework.imp.pkg.version.range>[5.25.260, 7.0.0)
         </carbon.identity.framework.imp.pkg.version.range>
         <carbon.identity.organization.management.core.version>1.0.0</carbon.identity.organization.management.core.version>