FortiWeb admin login via RADIUS (FortiAuthenticator + FortiToken) loops back to login after OTP
Hello everyone,
I am currently configuring administrator authentication on a FortiWeb appliance using RADIUS against FortiAuthenticator with FortiToken MFA, and I am experiencing a login loop after the OTP step.
Environment
FortiWeb: admin authentication via RADIUS
FortiAuthenticator: used as RADIUS server
Authentication source: LDAP / Active Directory
MFA: FortiToken Mobile
FortiWeb admin group configured with RADIUS server
Login flow
User enters username and password on the FortiWeb login page.
Authentication proceeds and FortiWeb prompts for Token Code (OTP).
OTP is entered.
Instead of logging in, FortiWeb redirects back to the login page.
Relevant log from FortiAuthenticator
Authentication Failed Bad Token
Description: Authentication failed, bad token code
Message:
Remote LDAP administrator authentication with FortiToken failed: invalid token
Things already verified
User exists in AD and can authenticate normally.
FortiToken is assigned to the user and active.
RADIUS client configured correctly on FortiAuthenticator.
FortiWeb RADIUS server configuration validated.
Admin group configured in FortiWeb using the RADIUS server.
Time synchronization appears correct.
Observed behavior
If the token is entered incorrectly, FortiWeb immediately shows credential failure.
If the token is entered correctly (from the mobile app), FortiWeb prompts for OTP but ultimately redirects back to the login screen.
Has anyone encountered this behavior when integrating FortiWeb + FortiAuthenticator + FortiToken for admin authentication?
Any guidance on required RADIUS attributes, admin group mapping, or OTP handling with FortiWeb would be greatly appreciated.
Thanks in advance.
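The login flow above can be traced from a packet capture, assuming the OTP prompt travels as a standard RFC 2865 Access-Challenge (an assumption; the post does not show the RADIUS traffic). This is an added example, not part of the original post and not Fortinet code; the packets, the user name `admin1` and the reply texts are constructed, and User-Password is left out of the sample.

```python
import struct

# RFC 2865 packet codes and the attribute types used below
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
USER_NAME, REPLY_MESSAGE, STATE = 1, 18, 24

def build(code, ident, attrs):
    """Encode a packet for the constructed sample (authenticator left zeroed)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", code, ident, 20 + len(body), bytes(16)) + body

def parse(pkt):
    """Decode the 20-byte header and the type/length/value attributes."""
    if len(pkt) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, ident, length, _auth = struct.unpack("!BBH16s", pkt[:20])
    if not 20 <= length <= len(pkt):
        raise ValueError("bad length field")
    attrs, off = {}, 20
    while off < length:
        if off + 2 > length or pkt[off + 1] < 2 or off + pkt[off + 1] > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(pkt[off], []).append(pkt[off + 2:off + pkt[off + 1]])
        off += pkt[off + 1]
    return code, ident, attrs

def trace(packets):
    """Return (packet name, note) per packet for one login attempt."""
    out, state, challenged = [], None, False
    for raw in packets:
        code, _ident, attrs = parse(raw)
        note = ""
        if code == 11:                      # server asks for the token code
            state, challenged = attrs.get(STATE, [None])[0], True
            note = "OTP prompt, State " + ("present" if state else "missing")
        elif code == 1 and challenged:      # client's reply carrying the OTP
            ok = state is not None and attrs.get(STATE, [None])[0] == state
            note = "OTP reply, State " + ("echoed" if ok else "not echoed")
            challenged = False
        elif code in (2, 3):                # final verdict, with server text if any
            note = b" ".join(attrs.get(REPLY_MESSAGE, [])).decode(errors="replace")
        out.append((CODES.get(code, f"code {code}"), note))
    return out

# Constructed sample: password step, challenge, OTP step, reject
SAMPLE = [
    build(1, 7, [(USER_NAME, b"admin1")]),
    build(11, 7, [(STATE, b"\x01\x02\x03\x04"), (REPLY_MESSAGE, b"Enter token code")]),
    build(1, 8, [(USER_NAME, b"admin1"), (STATE, b"\x01\x02\x03\x04")]),
    build(3, 8, [(REPLY_MESSAGE, b"constructed reject text")]),
]
```

Feeding `trace` the UDP payloads of one real login attempt shows whether the exchange ends in an Access-Reject from the server or in an Access-Accept that the appliance then does not turn into a session.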
