sfernando
Staff
December 19, 2024

Technical Tip: Basic checks for SAML issues arising after upgrading FortiAuthenticator

Description This article explains basic checks for issues arising after upgrading FortiAuthenticator, where SAML does not function as expected and returns various errors. It was observed that certain default settings and other features change after the upgrade.
Scope FortiAuthenticator v6.5.x and v6.6.x.
Solution

Check the following common settings.

  1. Interface access rights under System -> Network -> Interface -> Access Rights -> Services.
  2. SAML settings under Authentication -> SAML IdP (General and Service provider).

 

Apart from the above common settings, also check the 'Allowed host and domain names' setting under System -> Administrator -> System access -> GUI access, because SAML uses different domains during the SAML communication.

 


 

If 'Allow all hosts/domain names' is enabled, FortiAuthenticator will allow any hosts and domain names. This is highlighted in red.

Optionally, allow only the relevant hosts and domain names: those related to SAML and, if needed, those used by other services.
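When restricting the list, it helps to enumerate every hostname the SAML IdP metadata refers to and compare it with the entries that will be allowed. The script below is an added example, not part of the original article or Fortinet code; the metadata, hostnames and URL paths are constructed, and the exact, case-insensitive comparison is an assumption about how list entries are matched.

```python
# Added example: list hostnames referenced by SAML IdP metadata and report
# any that are missing from an allow list. All sample values are constructed.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"  # standard SAML 2.0 metadata namespace

# Constructed sample metadata (hypothetical hostnames and paths under example.com).
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://fac.example.com/saml-idp/demo/metadata/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.example.com/saml-idp/demo/login/"/>
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://LOGIN.example.com:443/saml-idp/demo/logout/"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

def saml_hosts(metadata_xml):
    """Return lower-cased hostnames found in entityID and endpoint URLs."""
    root = ET.fromstring(metadata_xml)  # use only on metadata from a trusted source
    urls = []
    for elem in root.iter():
        if elem.tag.startswith("{" + MD_NS + "}"):
            urls += [elem.get("entityID"), elem.get("Location"),
                     elem.get("ResponseLocation")]
    hosts = set()
    for url in urls:
        # .hostname strips the port and lower-cases; URN entityIDs yield None
        host = urlsplit(url).hostname if url else None
        if host:
            hosts.add(host)
    return hosts

def missing_hosts(metadata_xml, allowed):
    """Hostnames used by SAML that are absent from the allow list (exact match)."""
    allowed_set = {a.strip().lower().rstrip(".") for a in allowed if a.strip()}
    return sorted(h for h in saml_hosts(metadata_xml)
                  if h.rstrip(".") not in allowed_set)

if __name__ == "__main__":
    for host in missing_hosts(SAMPLE_METADATA, ["fac.example.com"]):
        print("not in allowed list:", host)
```

Hostnames that service providers or users reach FortiAuthenticator by but that do not appear in the metadata, such as an alias or a load-balancer name, still have to be added by hand.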

 

Related document:

SAML Authentication.