techdsmart
New Member
July 29, 2021
Question

FortiClient VPN 7.0.0.0029 not working with SAML SSO in Linux

  • July 29, 2021
  • 5 replies
  • 17458 views

Hello,

I am deploying SAML SSO with Azure to our VPN. I am having a challenge on Linux machines with FortiClient VPN 7.0.0.0029. When I enable SSO, I get a blank window/pop-up where I expect to authenticate with SSO (as attached).

The Windows client is working well. Question: Does the Linux version of FortiClient VPN 7.0.0.0029 support SAML SSO? Are there any extra packages required to be installed on the Linux machines? FYI, I am running this on Ubuntu 20.04.2 LTS.

 

    5 replies

    tauntingzombies
    New Member
    September 19, 2021

    Same thing here. I'm using 7.0.0.0018 on Linux Mint 20.2 Cinnamon. We formerly used Duo, but just switched to Azure AD. My iOS and Windows devices connect, but my Linux machine hangs similar to yours, though it mentions Duo in the header text.

     


    glzamp_lm
    New Member
    October 12, 2021

    Hello, I'm facing the same problem with both FortiClient 7.0.1 and 6.4.4.

    Did someone manage to solve that somehow?

    M_T
    New Member
    February 24, 2022

    9 months later, Forticlient 7.0.0.0018 still seems to be the same software with the same problem, still offered for Ubuntu 20.04 at https://www.fortinet.com/support/product-downloads#vpn

     

    I tried 6.4.4 and had the same problem.

     

    Maybe this is the same problem that was reported on this board for 6.0 to 6.4 on Windows and Linux.

     

    Have sites just moved away from Fortinet because of this, or is there some hidden solution?

     

    (In my case, I'm running Ubuntu 20.04 as a VM under VirtualBox 6.1 under OSX 10.15.7, if any of that matters. I'm a subcontractor to a company that requires the FortiClient VPN.)

    fonderco
    New Member
    May 5, 2022

    Were you ever able to get it to work? I'm in the same boat and need a solution to FortiClient VPN on Linux with SAML.

    M_T
    New Member
    May 6, 2022

    I didn't resolve this to my satisfaction.  As I said, I was running an Ubuntu 20.04 VM and consistently got the blank window.  I found that when I created a new Ubuntu 20.04 VM with no additional software loaded, I did get the expected prompt for credentials.  So, the Forticlient software is incompatible with one of many packages I had loaded in my  VM, or with something in the state of the VM. 

     

    I didn't have the time to narrow it down.  I instead ran the VPN at the host computer level instead of the VPN.  That work is now over, so I am no longer using the Forticlient VPN.

     

    One other thing I'll add in parting: running the VPN on the host computer would sometimes cause what seemed to be a DNS failure in the VM. That is, in the VM, when I tried to resolve some domain such as sample.com, it would fail. When I dug into it, I found the "resolvectl status" command (in the Linux VM) showed (in part):

    Link 2 (enp0s3)
          Current Scopes: DNS
    DefaultRoute setting: yes
           LLMNR setting: yes
    MulticastDNS setting: no
      DNSOverTLS setting: no
          DNSSEC setting: no
        DNSSEC supported: no
      Current DNS Server: 192.168.1.1
             DNS Servers: <Intended VPN DNS Server>
                          192.168.1.1
              DNS Domain: ~.
                          sample.com

    192.168.1.1 is the DNS server for my computer when not on the VPN.

    With the FortiClient VPN running on the host computer, I could no longer get packets to 192.168.1.1, so DNS failed.

     

    To clear it out of this state, I used the command

    sudo resolvectl dns 2 <intended VPN DNS server>

    (where "2" is from "Link 2" above).
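
A check for the stuck-resolver state described in the post above, as an added example that is not part of the original thread: it reads `resolvectl status` text and prints the `resolvectl dns` command for each link whose current DNS server is not the expected VPN resolver. The function names and the sample address 10.0.0.53 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `resolvectl status` text on stdin
# in the layout quoted in the post above.

# Print "<link-number> <interface> <current-server>" for every link whose
# "Current DNS Server" is not the expected VPN resolver.
stale_dns_links() {
    awk -v want="$1" '
        /^[ \t]*Global/ { link = ""; next }
        /^[ \t]*Link [0-9]+ \(/ {
            link = $2; iface = $3
            gsub(/[()]/, "", iface)
            next
        }
        /Current DNS Server:/ && link != "" && $NF != want {
            print link, iface, $NF
        }
    '
}

# Print (do not run) the per-link command used in the post for each stale link.
suggest_fix() {
    vpn_dns="$1"
    stale_dns_links "$vpn_dns" | while read -r link iface current; do
        echo "sudo resolvectl dns $link $vpn_dns"
    done
}

# Constructed sample: link 2 mirrors the post, link 3 is already correct.
# 10.0.0.53 is a made-up stand-in for the intended VPN DNS server.
sample_status() {
    cat <<'EOF'
Link 2 (enp0s3)
      Current Scopes: DNS
  Current DNS Server: 192.168.1.1
         DNS Servers: 10.0.0.53
                      192.168.1.1
          DNS Domain: ~.
Link 3 (enp0s8)
      Current Scopes: DNS
  Current DNS Server: 10.0.0.53
         DNS Servers: 10.0.0.53
EOF
}

sample_status | suggest_fix 10.0.0.53
```

On a live system, pipe the real output in: `resolvectl status | suggest_fix <intended VPN DNS server>`.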

     

    fonderco
    New Member
    May 6, 2022

    Did you ever get it to work?

    tojur
    New Member
    August 29, 2022

    On Fedora 35 with the latest client 7.0.0.0018 I get just this message: 

    tojur_0-1661752774973.png

     

    One more strange thing not related to SAML: if my laptop is connected to ethernet, when I click on "SAML Login" or Connect for any VPN site/configuration, the ethernet link disconnects and Forticlient reports being unable to get a response and gives up. The link then immediately returns back. So all my attempts are on Wi-Fi. From Windows everything works (version 7.0.2.0090).

    tthrilok
    Staff
    August 29, 2022

    Hi Techdsmart,

     

    Thank you for the query!

     

    I understand your SAML SSO is not working in Linux. May we request the below debugs:

     

    di de reset

    di de app samld -1

    di de en

     

    Please share the above debugs for both the working and non-working scenarios.

     

    Thank you!

     

    tthrilok
    Staff
    August 29, 2022

    Please stop the debug using:

    di de di
    di de reset

     

    Once you see the error.

    tojur
    New Member
    August 29, 2022

    Well, thanks for the help. Meanwhile I found that the issue is in the realm. When a realm is configured, the above problem appears. With the default realm (= just /) the connection works.