Skip to main content
MaDe
MaDe
New Member
April 16, 2021
Question

SSL WebPortal Mode | Login Failure

  • April 16, 2021
  • 4 replies
  • 22887 views

Good day,

I am new to FortiGate and having some trouble to setup the SSL portal. 

First I used FW 6.2.7 setting up the SSL portal with  http://docs.fortinet.com/document/fortigate/6.2.0/azure-cookbook/584456/configuring-saml-sso-login-for-ssl-vpn-web-mode-with-azure-ad-acting-as-saml-idp

This works perfect but I had some trouble to open external URLs from the SSL portal.

I opened a ticket and support confirmed there is bug in FW 6.2.7 and I can go to FW 6.4.5. Ok so I updated to FW 6.4.5. But now SSL Portal is not working anymore. I get a <ERR_EMPTY_RESPONSE> from my browser. I tried to debug the login with <diagnose debug application sslvpn -1> and saw this error: 

262:root:6]rmt_web_auth_info_parser_common:460 no session id in auth info [262:root:6]rmt_web_get_access_cache:797 invalid cache, ret=4103

But I don't what it means and how I should proceed. Has anyone had a error like this before and can give me some advice.

 

Many thanks,

MaDe 

    4 replies

    Jond
    Jond
    New Member
    June 21, 2021

    I am also getting this problem, also on 6.4.5

     

    If you go to the login page and click SSO does it go straight in afterwards?

     

     

    MaDe
    MaDeAuthor
    New Member
    June 22, 2021

    Hi, yes I got it working on 6.4.5 but switched back to 6.2.8. I used this guide <<Implementation Guide: FortiGate SSL VPN with Microsoft Azure SAML 2FA>>.

    My problem was a wrong URL syntax. Brgds, MaDe

      Jond
      Jond
      New Member
      June 22, 2021

      Hiya,

      Just wondered which of the fields was the issue for you?

      Cheers

      Jon

      gsommariva
      gsommariva
      Visitor III
      March 12, 2025

      I can confirm this solves SAML authentication phase problems.

       

      Graziano

        gsommariva
        gsommariva
        Visitor III
        March 12, 2025

        I solved SAML authentication phase problems.

        As mentioned here

        "SSL WebPortal Mode | Login Failure - Fortinet Community"

         

        I had to raise Auth phase timeout. 

         

        config system global 

         set remoteauthtimeout 60

        end

         

        (default on my FG was 5) 

         

        Graziano

          th5557
          th5557
          New Member
          October 27, 2025

          Some firmware builds require just signing the SAML assertion, others need both the assertion and the response signed.

           

          https://docs.fortinet.com/document/fortigate/7.4.9/administration-guide/736845/saml#Identity_providers

          Terms & ConditionsAccessibility statement