ssanga
Staff & Editor
November 4, 2024

Technical Tip: SAML Daemon (samld) may Crash Due to Missing Argument in SP Login Response

Description

This article provides a fix for an issue where the SAML daemon (samld) might intermittently crash on the FortiGate when it receives a high volume of concurrent SSL VPN SAML login requests.

Scope

FortiGate v7.0.11, v7.2.8.

Solution

When numerous concurrent SSL VPN SAML login requests are received on the FortiGate, the samld daemon may crash, leading to VPN disconnections.


This occurs due to the absence of a crucial parameter in the Service Provider (SP) login response. Each samld termination is recorded in the crash log:

diag debug crashlog read
10990: 2023-04-13 13:58:29 the killed daemon is /bin/samld: status=0xb
10991: 2023-04-14 06:58:28 the killed daemon is /bin/samld: status=0xb
10992: 2023-04-18 06:57:58 the killed daemon is /bin/samld: status=0xb
10993: 2023-04-18 07:21:01 the killed daemon is /bin/samld: status=0xb
10994: 2023-04-18 07:21:10 the killed daemon is /bin/samld: status=0xb
10995: 2023-04-18 07:21:11 the killed daemon is /bin/samld: status=0xb

This issue has been resolved in FortiOS v7.2.9, v7.4.4, and v7.6.0.
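
The following Python script is an added example, not part of the original article or of any Fortinet tooling. It parses saved output of diag debug crashlog read (the lines shown above) and groups samld crashes into bursts, so they can be correlated with peaks of concurrent SAML logins. The 5-minute window and the two-crash threshold are assumed values, not Fortinet guidance.

```python
import re
from datetime import datetime, timedelta

# Crash log lines copied from the article's "diag debug crashlog read" output.
SAMPLE = """\
10990: 2023-04-13 13:58:29 the killed daemon is /bin/samld: status=0xb
10991: 2023-04-14 06:58:28 the killed daemon is /bin/samld: status=0xb
10992: 2023-04-18 06:57:58 the killed daemon is /bin/samld: status=0xb
10993: 2023-04-18 07:21:01 the killed daemon is /bin/samld: status=0xb
10994: 2023-04-18 07:21:10 the killed daemon is /bin/samld: status=0xb
10995: 2023-04-18 07:21:11 the killed daemon is /bin/samld: status=0xb
"""

LINE_RE = re.compile(
    r"^\s*\d+:\s+(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"the killed daemon is (?P<path>\S+): status=(?P<status>0x[0-9a-fA-F]+)\s*$"
)

def parse_crashlog(text):
    """Return one dict per 'killed daemon' record; any other line is skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append({
                "time": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                "daemon": m["path"].rsplit("/", 1)[-1],
                "status": int(m["status"], 16),
            })
    return records

def crash_bursts(records, daemon="samld", window=timedelta(minutes=5), min_count=2):
    """Group a daemon's crashes into runs where each follows the previous within `window` (assumed default)."""
    times = sorted(r["time"] for r in records if r["daemon"] == daemon)
    bursts, current = [], []
    for t in times:
        if current and t - current[-1] > window:
            bursts.append(current)
            current = []
        current.append(t)
    bursts.append(current)
    return [b for b in bursts if len(b) >= min_count]

if __name__ == "__main__":
    recs = parse_crashlog(SAMPLE)
    for b in crash_bursts(recs):
        print(f"samld burst: {len(b)} crashes between {b[0]} and {b[-1]}")
```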

Logs required by FortiGate TAC for investigation.

 

  1. Debugs:


diagnose debug application samld -1
diagnose debug application sslvpnd -1
diagnose debug timestamp enable
diagnose debug enable
<Reproduce the issue>
diag debug disable

 

  2. TAC Report: execute tac report
  3. Configuration file of the FortiGate.

 

FortiClient debug logs:

Technical Tip: How to enable debug log in FortiClient

Technical Tip: How to enable debug log level on FortiClient endpoints managed by EMS