Staff

Technical Tip: Solving SAML authentication failures with embedded browsers

Forum|Forum|4 months ago
February 9, 2026
0 replies
675 views

Description

This article describes a common issue encountered in FortiClient for iOS version 7.4.10/7.4.11, relating to the use of the embedded browser during authentication.

Scope

iOS FortiClient v7.4.10/v7.4.11.

Solution

In FortiClient iOS versions 7.4.10 and 7.4.11, SAML authentication fails when the embedded browser is used. As a workaround, FortiClient can be configured to use an external browser for the SAML authentication flow.

In the default configuration, the following setting is present:

config vpn ssl settings
set saml-redirect-port 0

Screenshot of the error:

Setting the SAML redirect port to 0 causes FortiClient to rely on the embedded browser, which can lead to authentication failures on iOS in the affected versions.

To force FortiClient to use an external browser, configure a SAML redirect port:

config vpn ssl settings
set saml-redirect-port 8020

After enabling the SAML redirect port, FortiClient will redirect the authentication process to an external browser, allowing the SAML authentication to complete successfully.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded