So I take it the correct URL pattern ended up being /remote/saml/..., is that right?
Some parts of the documentation seem to contradict each other here, unfortunately.
With regards to the certificate, right now this will default to using an IP for the ...:1003... URLs, for which you certainly won't be able to get a public certificate. You can customize the URL to use a specific FQDN/domain, for which you should be able to buy/obtain a certificate.
If this portal is set per-policy, the options are:
config firewall policy
edit <policy id>
set auth-cert <matching certificate for the FQDN>
set auth-redirect-addr <which FQDN to use>
end
If this is configured on interface-level:
config system interface
edit <interface-with-portal>
set auth-cert <matching certificate for the FQDN>
set auth-portal-addr <which FQDN to use>
end
Don't forget to make sure that you have a DNS record configured for this FQDN, and that your clients can resolve it correctly. (It should point to the IP of the ingress/source interface.)
Lastly, I'll add that this is applicable to redirects from plain HTTP (clients typically probe for portals with HTTP requests), and for loading the /remote/saml/... URLs.
Redirecting from HTTPS to a portal is impossible to do without MITM/deep SSL inspection, which would require importing your own CA to all relevant clients.
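A pre-flight check for the two things the reply above says must line up (the DNS record for the portal FQDN pointing at the ingress interface, and the certificate on the portal listener actually covering that FQDN), as an added example that is not part of the original post or of any Fortinet tooling. The FQDN, ingress IP and port 1003 below are constructed placeholders to replace with your own values.

```python
import socket
import ssl

# Constructed sample values (assumptions): your portal FQDN, the IP of the
# FortiGate ingress/source interface the A record should point to, and the
# portal HTTPS listener port mentioned in the thread.
PORTAL_FQDN = "portal.example.com"
INGRESS_IP = "192.0.2.10"
PORTAL_PORT = 1003


def dns_points_to_ingress(fqdn, expected_ip, resolve=None):
    """True only if fqdn resolves and every A record is the ingress IP.

    `resolve` is injectable so the logic can be exercised without live DNS.
    """
    if resolve is None:
        resolve = lambda name: socket.gethostbyname_ex(name)[2]
    addresses = resolve(fqdn)
    return bool(addresses) and all(a == expected_ip for a in addresses)


def cert_covers_fqdn(cert, fqdn):
    """Match the SubjectAltName DNS entries (shape of ssl getpeercert())
    against the portal FQDN; a wildcard covers exactly one left-most label.
    A CN without SAN is deliberately ignored, as modern clients do."""
    fqdn = fqdn.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = value.lower().rstrip(".")
        if name == fqdn:
            return True
        # *.corp.example.com matches guest.corp.example.com, not a.b.corp.example.com
        if name.startswith("*.") and "." in fqdn and name[2:] == fqdn.split(".", 1)[1]:
            return True
    return False


def fetch_portal_cert(fqdn, port=PORTAL_PORT):
    """Use a verifying context so an untrusted or self-signed chain fails loudly,
    which is exactly what the clients hitting the portal would see."""
    ctx = ssl.create_default_context()
    with socket.create_connection((fqdn, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    print("DNS points to ingress:", dns_points_to_ingress(PORTAL_FQDN, INGRESS_IP))
    print("cert covers FQDN:", cert_covers_fqdn(fetch_portal_cert(PORTAL_FQDN), PORTAL_FQDN))
```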