Fortigate SSL VPN with Azure AD DNS Issues

Forum|Forum|3 years ago
November 15, 2022
2 replies
1969 views

I am having a strange issue with configuring FortiGate SSL VPN with Azure AD. I have configured SAML authentication successfully in the past using Google Workspace, but now I need to set up SAML in Azure AD. I am using this guide for reference: https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/fortigate-ssl-vpn-tutorial

My current configuration will only work while using the IP address of the VPN in my entity-id and single-sign-on-url values. If I use the DNS hostname, I will get an HTTP invalid error when trying to connect to https://domain.com/remote/saml/login. The web login will also not redirect me to the Microsoft sign-in page. Changing the DNS name to the IP address resolved the problem. Please help.

I am running version 7.0.8. I downgraded from 7.2.2 for testing but that did not make a difference

ESD_PacketPusherAuthor

New Member

FortiGate configuration:

config user saml
edit azure
set cert ssl-vpn
set entity-id https://domain.com/remote/saml/metadata
set single-sign-on-url https://domain.com/remote/saml/login
set single-logout-url https://domain.com/remote/saml/logout
set idp-entity-id https://sts.windows.net/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
set idp-single-sign-on-url https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxx/saml2
set idp-single-logout-url https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxx/saml2
set idp-cert REMOTE_Cert_1
set user-name username
set group-name group
next
end

ESD_PacketPusherAuthor

New Member

Update:

My configuration is working, but still unexpectedly. I found that by connecting to https://vpn.domain.com, I am presented with the portal web mode login. If I got directly to https://ip-address, I am redirected to the Azure login portal

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded