Troubleshooting Tip: ZTNA SAML authentication loop after firmware upgrade to v7.4.5
| Description | This article describes how to fix the ZTNA SAML authentication loop after a firmware upgrade to v7.4.5. |
| Scope | FortiGate |
| Solution |
The ZTNA SAML authentication keeps looping when a TCP forwarding access proxy is used after the firmware upgrade from v7.2.8 to v7.4.5.
The loop will continue even after the user enters the correct credentials.
The issue occurs because the FortiGate ZTNA Proxy gateway has the same IP or URL as the Service Provider URL (FortiGate acting as SP).
This issue is not seen in v7.2.
The workaround is to use a different URL or IP on either the ZTNA Proxy gateway or the Service Provider URL (FortiGate acting as SP), so that the two are different.
This issue matches bug 1035072. It was fixed in v7.6.1 and will be fixed in v7.4.8. |
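A pre-upgrade check for the overlap described above, added here as an example and not taken from the article or from Fortinet: it scans a configuration backup for an access-proxy VIP whose `extip` also appears as the host of a SAML SP URL. The sample configuration is constructed, the helper names are hypothetical, and treating "same IP or URL" as a literal host match is an assumption (an FQDN that resolves to the VIP address is not detected).

```python
import re
from urllib.parse import urlsplit

# Constructed sample of a FortiGate configuration backup (not from the article).
SAMPLE_CONFIG = '''\
config firewall vip
    edit "ztna-tcp-fwd"
        set type access-proxy
        set extip 203.0.113.10
        set extintf "port1"
        set extport 8443
    next
end
config user saml
    edit "ztna-saml"
        set entity-id "https://203.0.113.10:9443/remote/saml/metadata/"
        set single-sign-on-url "https://203.0.113.10:9443/remote/saml/login"
        set single-logout-url "https://203.0.113.10:9443/remote/saml/logout"
    next
end
'''

def blocks(config, section):
    """Yield (name, body) for each 'edit' entry under a top-level 'config <section>'."""
    m = re.search(rf"^config {re.escape(section)}\n(.*?)^end$", config, re.S | re.M)
    if m:
        yield from re.findall(r'^\s+edit "([^"]+)"\n(.*?)^\s+next$', m.group(1), re.S | re.M)

def find_collisions(config):
    """Return (vip, saml_entry, host) where an SP URL host equals an access-proxy extip."""
    vips = {}
    for name, body in blocks(config, "firewall vip"):
        ip = re.search(r"^\s+set extip (\S+)", body, re.M)
        if re.search(r"^\s+set type access-proxy\s*$", body, re.M) and ip:
            vips[ip.group(1)] = name
    hits = set()
    for name, body in blocks(config, "user saml"):
        for url in re.findall(r'^\s+set (?:entity-id|single-sign-on-url|single-logout-url) "([^"]+)"', body, re.M):
            host = urlsplit(url).hostname  # assumption: compare host only, ignore port
            if host in vips:
                hits.add((vips[host], name, host))
    return sorted(hits)

if __name__ == "__main__":
    for vip, saml, host in find_collisions(SAMPLE_CONFIG):
        print(f"access-proxy VIP {vip!r} and SAML SP {saml!r} share {host}")
```

An empty result means no literal overlap was found in the backup; any hit is a candidate for the workaround before moving to v7.4.5.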

