muhammadsaad
New Member
July 3, 2025
Solved

Fortigate SSL VPN SAML Authentication Error


Hi Team,

SAML authentication is not working. We have integrated Azure IdP with on-prem Active Directory and called the Azure IdP on the Fortigate Firewall. We are using SSL VPN and when we dial up the remote connection, it's getting stuck at 40%.

 

Can someone help out on this?

Thanks

Best answer by muhammadsaad

Team, the issue got resolved after making some port changes and re-entering the entity ID.
Thanks for the assistance.
Appreciated.

4 replies

kaman
Staff
July 3, 2025

Hi Muhammadsaad,

As you mentioned, VPN stuck at 40%. This may occur when FortiClient generates a new pop-up window verifying whether the user wishes to proceed with a non-trusted TLS/SSL certificate.

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Possible-reasons-for-FortiClient-SSL-VPN/ta-p/211965


Can you please run the below debug commands, try to connect to the VPN, and share the output with us so we can check further?

diagnose debug reset
diagnose debug console timestamp enable
diagnose debug application samld -1
diagnose debug application sslvpn -1
diagnose debug enable


Regards!

muhammadsaad
New Member
July 3, 2025

Well, due to some restrictions and the secure environment, the output can't be shared. Is there any other way?

muhammadsaad
New Member
July 3, 2025

Ran the diagnose commands and am facing the below error:
Error: 'The identifier of a provider is unknown to #LassoServer'

We have also followed the required steps in order to overcome the error, but no luck.

muhammadsaad
New Member
July 7, 2025

Team, the issue got resolved after making some port changes and re-entering the entity ID.
Thanks for the assistance.
Appreciated.
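
A check in line with the fix reported in this thread (re-entering the entity ID and changing ports), as an added example that is not part of the original posts or Fortinet's own tooling: it compares the idp-entity-id of a FortiGate "config user saml" entry with the entityID in the IdP metadata, character for character, and confirms the three SP URLs share one host and port. The hostname, tenant ID, port numbers and entry name below are constructed sample values.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample: FortiGate SAML entry (hypothetical host, ports, tenant ID).
FGT_CONFIG = '''
config user saml
    edit "azure-sslvpn"
        set entity-id "https://vpn.example.com:10443/remote/saml/metadata"
        set single-sign-on-url "https://vpn.example.com:10443/remote/saml/login"
        set single-logout-url "https://vpn.example.com:443/remote/saml/logout"
        set idp-entity-id "https://sts.windows.net/00000000-0000-0000-0000-000000000000"
    next
end
'''

# Constructed sample: trimmed IdP federation metadata.
IDP_METADATA = '''<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/"/>'''

def parse_saml_settings(config_text):
    """Return {key: value} for every 'set key "value"' line in the config."""
    pattern = r'^\s*set\s+(\S+)\s+"?([^"\n]*)"?\s*$'
    return dict(re.findall(pattern, config_text, re.M))

def check(config_text, metadata_xml):
    """Return a list of mismatches between the FortiGate entry and IdP metadata."""
    cfg = parse_saml_settings(config_text)
    findings = []
    # Works for a bare EntityDescriptor or one wrapped in EntitiesDescriptor.
    root = ET.fromstring(metadata_xml)
    idp_id = next(root.iter(MD_NS + "EntityDescriptor")).get("entityID")
    # Entity IDs are opaque strings: a trailing slash or case change is a mismatch.
    if cfg.get("idp-entity-id") != idp_id:
        findings.append(f"idp-entity-id {cfg.get('idp-entity-id')!r} "
                        f"!= metadata entityID {idp_id!r}")
    # All SP URLs should point at the same listener (host and port).
    endpoints = {}
    for key in ("entity-id", "single-sign-on-url", "single-logout-url"):
        url = urlsplit(cfg.get(key, ""))
        default = 443 if url.scheme == "https" else 80
        endpoints[key] = (url.hostname, url.port or default)
    if len(set(endpoints.values())) > 1:
        findings.append(f"SP URLs disagree on host/port: {endpoints}")
    return findings
```

Running check(FGT_CONFIG, IDP_METADATA) on the sample reports both the trailing-slash difference in the IdP entity ID and the logout URL pointing at a different port than the other two SP URLs.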