Troubleshooting Tip: 403 forbidden error in FortiPAM SAML SSO authentication
| Description | This article describes why FortiPAM SAML authentication fails with a 403 Forbidden error. |
| Scope | FortiPAM 1.5. |

Solution

When a user attempts to log in through SAML SSO, the following error may occur: 'Authentication: User Account error'. FortiPAM also returns an HTTP 403 error.

From the SAML debug tracer in this example, the redirection to https://fpam/XX/YY/ZZ/saml/login appears to be working correctly.

Commands to run on FortiPAM for further troubleshooting:

```
diagnose debug reset
diagnose debug console timestamp enable
diagnose wad debug enable level verbose
diagnose wad debug enable category auth
diagnose wad debug enable category secret
diagnose debug app samld -1
diagnose debug enable
```

Solution:

From the configuration file, ensure SAML authentication is enabled globally:

```
config system global
    set saml-authentication enable
end
```

The next step is to ensure the 'Force SAML login' option is enabled (Force SAML login - Enable/Disable forced SAML login, default=disable).

Note: This option must be enabled when creating a SAML user.
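As an added example (not from the Fortinet article), a small check that parses a FortiOS-style configuration backup and confirms that `config system global` carries `set saml-authentication enable`, the first setting the article says to verify. The configuration text is constructed here, and the parser assumes only the config/edit/set/next/end keywords appear.

```python
# Added example, not from the Fortinet article: parse a FortiOS-style
# configuration dump and confirm that `config system global` carries
# `set saml-authentication enable`, the setting the article says to check.
from typing import Dict, List

# Constructed sample configuration (not a real device backup).
SAMPLE_CONFIG_OK = """\
config system global
    set hostname fpam
    set saml-authentication enable
end
config user local
    edit "alice"
        set type password
    next
end
"""
# Same text with the setting disabled, to exercise the negative case.
SAMPLE_CONFIG_BAD = SAMPLE_CONFIG_OK.replace(
    "set saml-authentication enable", "set saml-authentication disable")


def parse_fortios_config(text: str) -> Dict[str, Dict[str, str]]:
    """Return {scope path: {key: value}} for every config/edit scope.

    Scope paths join nesting with '/', e.g. 'system global' or
    'user local/alice'. Assumption: only config/edit/set/next/end occur.
    """
    settings: Dict[str, Dict[str, str]] = {}
    stack: List[str] = []  # current nesting of config/edit scopes
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        keyword, args = parts[0], parts[1:]
        if keyword == "config":
            stack.append(" ".join(args))
        elif keyword == "edit":
            stack.append(" ".join(args).strip('"'))
        elif keyword in ("next", "end") and stack:
            stack.pop()
        elif keyword == "set" and len(args) >= 2:
            scope = settings.setdefault("/".join(stack), {})
            scope[args[0]] = " ".join(args[1:])
    return settings


def saml_authentication_enabled(text: str) -> bool:
    """True when `config system global` sets saml-authentication enable."""
    glob = parse_fortios_config(text).get("system global", {})
    return glob.get("saml-authentication", "disable") == "enable"
```

Run it against a `show full-configuration` dump saved from the appliance to confirm the global setting before moving on to the per-user 'Force SAML login' option.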