IGTech-advantage
New Member
August 2, 2021
Question

SAML external browser


Hi,

 

Since FortiOS 7.0.1, bug 715100 is resolved and should allow the use of an external browser to perform SAML authentication instead of the FortiClient embedded login window.

The release note states:

Allow FortiClient to use a browser as an external user agent to perform SAML authentication for SSL VPN tunnel mode. In prior versions, SAML authentication must be performed within the FortiClient embedded login window. A new setting is added to configure the SAML redirection port upon successful SAML authentication:

config vpn ssl settings
    set saml-redirect-port <port>
end

 

Does anyone have a clue how setting an alternate SAML redirect port on the FortiGate side will instruct FortiClient to open the default browser on the client?

I tried to force another port instead of the default 8020 but FortiClient still uses the default embedded login window.

 

I'd like to use an external browser so it will know how to interact with a WebAuthn device.

 

Thanks,

IG

1 reply

Adrian_Lewis
New Member
August 12, 2021

Pretty sure this needs FCT 7.0.1 as a prerequisite and the relevant setting for the connection enabled. From my testing so far with FCT 7.0.1 and FGT 6.4.6, that combo will not work either.

Adrian_Lewis
New Member
August 12, 2021

FYI - EMS doesn't have this client setting in the UI from what I've found but you can add:

 

<use_external_browser>1</use_external_browser>

 

into the top level for the SSL VPN connection to enable it for that connection (needs the advanced view toggled to show the XML tab in the profile).

IGTech-advantage
New Member
August 16, 2021

Thanks for your feedback.

We are using the VPN-only version of FortiClient.

Not sure I can edit the XML by hand.