heyyo
Explorer III
October 11, 2024
Question

Configuring SSL VPN, with SAML Authentication and Certificate

  • 3011 views

Hi,

I am currently working on a new deployment and need to configure SSL VPN with SAML Authentication and Certificate. However, I am getting this issue: "Credential or SSLVPN configuration is wrong. (-7200)", and bumped into this link: Failure to connect via SSL VPN with '... - Fortinet Community

It mentions that I need to disable Require Client Certificate. Does this mean that SSL VPN with SAML Authentication will not work if used with a certificate?

Thank you


3 replies

rbraha
Staff
October 11, 2024

Hi @heyyo 
You will need to disable Require Client Certificate. The IdP certificate (Azure, Okta, ...) that you are importing to the FGT will be set under config user saml; this certificate will validate connections between the client and the IdP. Take a look at this doc guide.

https://docs.fortinet.com/document/fortigate-public-cloud/7.6.0/azure-administration-guide/584456/configuring-saml-sso-login-for-ssl-vpn-with-entra-id-acting-as-saml-idp

JohnMansoryyy
New Member
October 12, 2024

To fix the "Credential or SSLVPN configuration is wrong. (-7200)" error, disable the "Require Client Certificate" option. This is necessary when using SAML authentication, as SAML relies on tokens rather than certificates. Ensure your SAML settings are correctly configured and match the Identity Provider settings. After making adjustments, test the connection again and review the logs for further troubleshooting if needed.
Some related documentation: https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/371626/ssl-vpn
SAML SSO documentation: https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/254248/configuring-saml-sso
I hope this helps.
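
The check the replies above describe can be run against a saved FortiGate configuration file. The following is an added example, not code from the posters or from Fortinet: it lists SSL VPN groups that contain a SAML server while `reqclientcert` is enabled. The sample config, its object names and the IdP URL are constructed, and the parser assumes each `set` value fits on one line.

```python
import shlex

# Constructed sample of a FortiGate config backup; object names are made up.
SAMPLE = '''
config user saml
    edit "entra-id"
        set idp-entity-id "https://idp.example.invalid/"
    next
end
config user group
    edit "vpn-saml"
        set member "entra-id"
    next
end
config vpn ssl settings
    set reqclientcert enable
    config authentication-rule
        edit 1
            set groups "vpn-saml"
        next
    end
end
'''

def set_lines(text):
    """Yield (path, key, values) per 'set' line, tracking config/edit nesting."""
    stack = []
    for raw in text.splitlines():
        tok = shlex.split(raw) or [""]
        if tok[0] in ("config", "edit"):
            stack.append(" ".join(tok[1:]))
        elif tok[0] in ("next", "end") and stack:
            stack.pop()
        elif tok[0] == "set" and len(tok) > 1:
            yield tuple(stack), tok[1], tok[2:]

def saml_groups_behind_client_cert(text):
    """Return SSL VPN groups with a SAML member when reqclientcert is enabled."""
    rows = list(set_lines(text))
    saml = {p[1] for p, _, _ in rows if len(p) == 2 and p[0] == "user saml"}
    members = {p[1]: set(v) for p, k, v in rows
               if len(p) == 2 and p[0] == "user group" and k == "member"}
    req = any(p == ("vpn ssl settings",) and k == "reqclientcert" and v == ["enable"]
              for p, k, v in rows)
    used = {g for p, k, v in rows if p[:2] == ("vpn ssl settings", "authentication-rule")
            and k == "groups" for g in v}
    return sorted(g for g in used if members.get(g, set()) & saml) if req else []
```

An empty result means either the global client-certificate requirement is off or no SAML-backed group is used in an SSL VPN authentication rule.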

sahmed_FTNT
Staff & Editor
October 12, 2024