In order to add additional security to none standard browsers we should explicitly set the SameSite cookie value[1][2] in apereo cas. It seems mod_auth_cas has a setting for this so it should be fairly trivial
[1]https://hacks.mozilla.org/2020/08/changes-to-samesite-cookie-behavior/
[2]https://web.dev/samesite-cookies-explained/#explicitly-state-cookie-usage-with-the-samesite-attribute