Technical Tip: Resolving FSSO Issues with FortiAuthenticator and FortiGate

Description

This article describes a technical solution to resolve issues with FortiAuthenticator and FortiGate, where the correct policy is not being applied to users on wired networks, and the username is not displayed on the replacement message when accessing a blocked site. The user may experience issues with FSSO, including incorrect policy application and missing username information.

Scope

FortiAuthenticator FortiGate.

Solution

To resolve the FSSO issues with FortiAuthenticator and FortiGate, follow these steps:

1. Go to FortiAuthenticator -> Fortinet SSO -> Methods -> RADIUS Accounting and select the switch configuration.

2. Disable the option Strip off prefix or suffix from username if any.   
   
   

   

   
   
   

3. Enable the option Use a different attribute to search for the user in the remote LDAP server (instead of the username attribute specified in the remote LDAP server settings) and specify the attribute mail or the attribute admiistrator wants to define.

4. Save the changes and test the configuration by having a user connect to the network and access a blocked site to verify that the correct policy is applied and the username is displayed on the replacement message.

By following these steps, the FSSO issues with FortiAuthenticator and FortiGate should be resolved, and the correct policy should be applied to users on wired networks, with the username displayed on the replacement message when accessing a blocked site.