Hi My Fortigate device OS version is 7.0.2.When I configure Azure AD SAML authentication with the documenthttps://docs.fortinet.com/document/fortigate/7.0.2/administration-guide/33053/outbound-firewall-authentication-with-azure-ad-as-a-saml-idp333Go to step 4, The SAML IdP sends the SAML assertion containing the user and group. After the browser log in to azure, it seems that it can't return to FortiGate, Whether my identifier (entity ID) uses public IP or private IP. it aways say:The connection has timed outAn error occurred during a connection to 192.168.11.1:1003. Who can help me the possible problems? Thanks a lot

PaulChen

New Member

Solved

authentication with Azure AD as a SAML IdP

Forum|Forum|4 years ago
January 14, 2022
1 reply
4551 views

Hi

My Fortigate device OS version is 7.0.2.

When I configure Azure AD SAML authentication with the document

https://docs.fortinet.com/document/fortigate/7.0.2/administration-guide/33053/outbound-firewall-authentication-with-azure-ad-as-a-saml-idp

333 333

Go to step 4,

The SAML IdP sends the SAML assertion containing the user and group.

After the browser log in to azure, it seems that it can't return to FortiGate, Whether my identifier (entity ID) uses public IP or private IP. it aways say:

The connection has timed out

An error occurred during a connection to 192.168.11.1:1003.

Who can help me the possible problems?

Thanks a lot

FortiGate

Best answer by Anonymous_User

Hello @PaulChen ,

Welcome to Fortinet community and Thank you for your post. Hopefully, you've been keeping safe and doing well!

Could you please run the saml debug when the issue is replicated.

#diagnose debug application httpsd -1
#diagnose debug application samld -1
#optionally# diagnose debug console timestamp enable
#diagnose debug enable

Regards

A

Anonymous_UserAnswer

Contributor

Hello @PaulChen ,

Welcome to Fortinet community and Thank you for your post. Hopefully, you've been keeping safe and doing well!

Could you please run the saml debug when the issue is replicated.

#diagnose debug application httpsd -1
#diagnose debug application samld -1
#optionally# diagnose debug console timestamp enable
#diagnose debug enable

Regards

PaulChenAuthor

New Member

Hi Ash , Thanks for your suggestion, I solved this problem by adding a source port to the firewall policy.

Thanks

Paul Chen

Cristianonovaes

New Member

Hi PaulChen, Could you please detail more how you added this source port? I have the same problem!

tks,

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded