itservices3
New Member
October 20, 2023
Question

FortiClient 7.2.2.0864 SAML authentication not Cached


Following the latest upgrade of FortiClient VPN x64 for Windows, SAML authentication is not stored anymore.

I began to observe this behavior on version 7.0.8 (it was not the case before), and a nice post explained that ticking "do not modify internal browser cookies" will keep the authentication enabled and remember the username.

We are using Okta.

But unfortunately, this does not work anymore on FortiClient 7.2.2.0864, even if the option is ticked.

I'm looking forward to a solution so the remember me feature will work. I just wonder why it keeps breaking at each update, and this time no solution is proposed.

Thanks

9 replies

Jean-Philippe_P
Staff & Editor
October 23, 2023

Hello itservices3,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Staff & Editor
October 25, 2023

Hello,

We are still looking for an answer to your question.

We will come back to you ASAP.

Thanks,

Jean-Philippe - Fortinet Community Team
itservices3
New Member
October 26, 2023

Thank you, I can wait for a new version if needed. For now I've packaged the latest 7.0.9 version, which does not have this issue, but it would have been nice to be able to deploy 7.2.2 with the latest security fixes.

fatihseyligli
Staff
October 27, 2023

Hello,

FortiClient's SSL VPN behavior was changed starting with version 7.0.8; it will no longer cache SAML credentials.
New behavior: when 'Remember Password' is unchecked, cookies associated with SAML are deleted.
Make sure that the 'Show "Remember Password" Option' is available and enabled under Advanced Settings of the VPN tunnel.

Docs.
=====================================================================
FortiClient 7.0.8 (Windows) Release Notes - Resolved issues
https://docs.fortinet.com/document/forticlient/7.0.8/windows-release-notes/22791/resolved-issues

FortiClient 7.0.9 EMS Administration Guide - SSL VPN
https://docs.fortinet.com/document/forticlient/7.0.9/ems-administration-guide/29925/ssl-vpn

FortiClient 7.0.9 Administration Guide - SAML support for SSL VPN
https://docs.fortinet.com/document/forticlient/7.0.9/administration-guide/402514/saml-support-for-ssl-vpn

Additionally:

The tag <dont_modify_cookies> means "Do Not Modify Internal Browser Cookies".

By default, the tag value is 0, which is shown as unselected on the FCT settings page, and it only applies when using the internal browser for SAML login. So it should be:

<system>
     <ui>
        ...
        <dont_modify_cookies>1</dont_modify_cookies>
     </ui>
</system>

For more details, please check:

https://community.fortinet.com/t5/FortiClient/Technical-Tip-Troubleshooting-FortiClient-Not-Saving-SAML/ta-p/276368

Thanks & Regards

itservices3
New Member
October 27, 2023

Hello,

Yes, I did understand this, and I do not face the issue on version 7.0.8 or 7.0.9 after ticking "do not modify internal browser cookies".

The login name is kept if I hit remember credentials for the next connection, which is good.

It will also log me in directly within a 15-minute window without asking me for MFA.

However, on version 7.2.2, despite ticking the same option and remembering the credentials, no username is kept once I'm disconnected and attempt to reconnect.

This only occurs with version 7.2.2, so I presume an issue with this particular version.

Thanks

PS: Please note that we do not have the option to remember the password, as we do not use EMS. However, we do need to store and remember the username to avoid having to retype it at every connection, which works perfectly fine on 7.0.8/7.0.9 and not anymore on 7.2.2.

ManUnderConstruction
Explorer
October 30, 2023

Hi,

I also noticed the same behaviour on our system. We did not encounter this before, only with version 7.2.2.

MerriweatherRaven
New Member
December 4, 2023

Same issue here, still unresolved.

fatihseyligli
Staff
December 4, 2023

Hello,

Please test the issue with the latest build, FortiClient 7.0.10. The behavior is changed with 7.0.10.

Besides,

Please ensure the following items 1 and 2 have the correct configuration.

1. Save-password should be enabled in the FortiGate SSLVPN web portal. Take full-access as an example, as below:

config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set ipv6-tunnel-mode enable
        set web-mode enable
        set limit-user-logins enable
        set auto-connect enable
        set keep-alive enable
        set save-password enable
end

In the meantime, please also make sure:

2. Go to EMS -> Remote Access, choose the tunnel, edit, Advanced Settings -> Show "Remember Password" Option -> ON.

If the switch is enabled, then the FCT GUI should display a save-password checkbox for the tunnel; otherwise it's disabled.

Thanks & Regards

Fatih Seyligli

itservices3
New Member
December 12, 2023

Sadly, this issue also occurs with the new 7.0.10 Build 0538 version.

The SSO connection is not cached anymore and the username does not remain. It has to be re-entered at each new connection, which is extremely painful.

The option "do not modify internal browser cookies" is already ticked, but that does not change anything. (Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FortiClient\FA_UI) dont_modify_cookies=1

We are not using EMS, but simply the VPN client via SSO using OKTA. The issue did not occur with version 7.0.9 Build 0493 (this is the latest version you can use to keep your username and SSO cache authentication).

Will this be sorted in the future?

Debbie_FTNT
Staff & Editor
December 12, 2023

Hey itservices,

This should already be fixed in 7.2.2, but as I understand it, the setting (Remember password) in FortiClient needs to be pushed via EMS or via manual edit of the XML config file.
I have NOT been able to test this, but some digging turned up this registry key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\<tunnel>]
"show_remember_password"=dword:00000001

This makes an option 'Remember Password' visible (the same as Fatih referred to), and enabling it should save both username and password for SAML authentication.
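
A read-only way to see what an endpoint actually has set for the two registry values mentioned in this thread, as an added example that is not part of any post above and is not Fortinet code. The key paths and value names are taken from the posts; the function name `Get-RegValue` and the report layout are assumptions made for illustration, and the thread does not state the value type of `dont_modify_cookies`, so values are reported as found.

```powershell
# Added example: audits FortiClient credential/cookie caching settings.
# Reads only; changes nothing. Run in 64-bit PowerShell on the endpoint.
$base = 'HKLM:\SOFTWARE\Fortinet\FortiClient'

function Get-RegValue {
    # Hypothetical helper: returns $null when the key or value is absent.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function New-Row {
    # Builds one report row; 'State' makes absent values explicit.
    param([string]$Scope, [string]$Setting, $Value)
    [pscustomobject]@{
        Scope   = $Scope
        Setting = $Setting
        Value   = $Value
        State   = if ($null -eq $Value) { 'not set' }
                  elseif ("$Value" -eq '1') { 'enabled' }
                  else { 'disabled' }
    }
}

$report = @()

# "Do Not Modify Internal Browser Cookies" (FA_UI key, as quoted in the thread)
$report += New-Row 'FA_UI' 'dont_modify_cookies' `
    (Get-RegValue "$base\FA_UI" 'dont_modify_cookies')

# Per-tunnel "Remember Password" visibility (Sslvpn\Tunnels\<tunnel>)
$tunnelsKey = "$base\Sslvpn\Tunnels"
if (Test-Path -LiteralPath $tunnelsKey) {
    foreach ($t in Get-ChildItem -LiteralPath $tunnelsKey) {
        $report += New-Row "Tunnel: $($t.PSChildName)" 'show_remember_password' `
            (Get-RegValue $t.PSPath 'show_remember_password')
    }
} else {
    $report += New-Row 'Sslvpn\Tunnels' 'show_remember_password' $null
}

$report | Format-Table -AutoSize
```

Because these settings control whether SAML session cookies and saved credentials persist on the machine, the same report is useful for confirming that endpoints match the caching policy you intend, not only for troubleshooting.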

Mr-Will
New Member
March 27, 2024

You are at least having better luck than us. We are also an Okta shop and use it for IdP for FortiClient VPN. We can not get the newer versions to work. They pass Okta but the firewall VPN won't connect.