FortiClient Error 7200 for SAML while WebVPN works fine

Forum|Forum|2 years ago
January 26, 2024
5 replies
2663 views

I had SAML to Microsoft Entra ID working fine for a little bit here, but then FortiClient started showing "Credential or SSLVPN configuration is wrong. (-7200)" on every connection attempt.

SAML works just fine when connecting to the same system over WebVPN, so this does not appear to be an issue with the SAML config.

Any suggestions for getting FortiClient to work again?

FortiClient

hbac

Staff

Hi @Stephen3,

What is the FortiClient version? Have you tested with different computers?

Regards,

Stephen3Author

New Member

I'm using FortiClient 7.2.2.0864 at the moment.

I haven't tried with multiple computers, but again, SAML works fine on this same computer for Web VPN, it is only FortiClient that is not cooperating.

I rebooted and FortiClient worked for a couple of connections again before it stopped working again. It seems that if I connect to a couple of FortiGates using the same SAML account that FortiClient caches something incorrectly.

Sohonet

New Member

For Windows 11 using 7.2.8 resolved the issue for a end customer
7.4.x Resulted in the same error as you described

jaunas1

New Member

I can’t remember the error message I got when testing but know that I saw a similar issue when DTLS was enabled in the client - turning that off and they could connect fine. Also macOS and realms seemed to be broken with SAML if that would be relevant to your case. not retested on latest FortiOS 7.0.1 yet, only 7.0.0

mhberglund

Visitor III

We are experiencing the same issue on version 7.4.2.1737

To get it working we now switched on the setting "Use external browser as user-agent for saml user authentication".

Will test further.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded