Rajneesh
Staff
December 19, 2024

Troubleshooting Tip: Getting the error 'SAML user number is more than one and -651: Input value is invalid' when trying to add multiple SAML groups in the firewall policy

Description

This article describes the possible causes of errors when adding multiple SAML groups to a firewall policy.

Scope

FortiGate.

Solution

The image below shows a typical error when adding multiple SAML groups to a firewall policy:

In the GUI, the error is as follows:

-651: Input value is invalid.

In the CLI, the error is as follows:

SAML user number is more than one.
object set operator error, -651 discard the setting
Command fail. Return code 1

[Image: SSO.jpg]

This error is triggered when the selected SAML groups belong to different identity providers (IdPs).

Starting with FortiOS v6.4.6, v7.0.1, and v7.2.0, multiple SAML groups can be added to a single firewall policy, but all of these groups must reference the same SAML IdP server.
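
To find which policies would hit this restriction before making a change, a configuration backup can be checked offline. The following is an added example, not Fortinet code: it assumes a single-VDOM backup in the usual CLI layout ("config user saml", "config user group" with "set member", "config firewall policy" with "set groups"), and every object name in the sample is made up.

```python
import re
# Constructed sample of a FortiGate configuration backup; all object names are made up.
SAMPLE_CONFIG = '''config user saml
    edit "idp-azure"
    next
    edit "idp-okta"
    next
end
config user group
    edit "grp-finance"
        set member "idp-azure"
    next
    edit "grp-contractors"
        set member "idp-okta"
    next
end
config firewall policy
    edit 20
        set groups "grp-finance" "grp-contractors"
    next
end'''

def parse_sections(text):
    """Return {section: {entry: {setting: [values]}}}; assumes a single-VDOM backup."""
    out, stack, entry = {}, [], None
    for raw in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', raw)] or [""]  # blank line
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end" and stack:
            stack.pop()
            entry = entry if stack else None  # leaving a top-level block: forget its entry
        elif len(stack) == 1 and tok[0] == "edit":  # nested "config match" edits are skipped
            entry = out.setdefault(stack[0], {}).setdefault(tok[1], {})
        elif len(stack) == 1 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
    return out

def mixed_idp_policies(text):
    """Map policy ID -> SAML servers, for policies whose groups span more than one IdP."""
    cfg = parse_sections(text)
    saml, groups = set(cfg.get("user saml", {})), cfg.get("user group", {})
    found = {}
    for pid, pol in cfg.get("firewall policy", {}).items():
        idps = {m for g in pol.get("groups", [])
                for m in groups.get(g, {}).get("member", []) if m in saml}
        if len(idps) > 1:
            found[pid] = sorted(idps)
    return found
```

Calling mixed_idp_policies(SAMPLE_CONFIG) reports policy 20, because its two groups reference two different SAML servers; a policy whose groups all point at one server is not reported.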