Safari browser not opening attachments when using OWA, ADFS and PrivacyIDEA


I know this is a very specific question, and I have already exhausted all my known channels, like searching and AI on the internet, so I would like to ask if any of you have dealt with this before. I have set up an on-premise MS Exchange 2016-cu22 and I would like to use two-factor token authentication for the Web Access. I followed the instructions, installing ADFS, adding the PrivacyIDEA plugin and setting it all up. Everything is working as expected for all browsers except Safari on macOS and iOS. After login, all browsers work as expected, but when opening an attachment, Safari only shows a blank page. After investigating, the OWA webserver reports that there is an unauthorised access to the URL pointing to the attachment. If I inspect the web traffic, I can see that all browsers send the authentication cookie during the attachment request, but Safari does not. This happens specifically during a redirection (an HTML 302 code) when requesting the attachment. This redirection occurs due to a CVE by Microsoft that attachments should point to a different URL than the main OWA URL. The solution seems to lie in having Safari send cookies during a 302. Is there anything (besides convincing Apple to change their browser) that I can do about this, because I would really like to use two-factor authentication in OWA?

(Note: without ADFS, the OWA works without issues for all browsers)


I don't really understand: is there a problem with our ADFS provider in Safari, or is it ADFS in general?
Our provider does not interfere with outgoing requests.
Maybe there is a plugin for Safari that lets you manipulate requests?

The problem is Safari not sending cookies consistently during the authentication between OWA and ADFS. Although searching the internet also gives a lot of issues regarding Safari and cookies, I was wondering if someone got this to work for OWA, perhaps via a sort of hack in the IIS replies or something else.