Description
This article describes how to fix the error 'Response validation failed. SAML response rejected' when logging in using SSO FortiCloud in FortiAnalyzer/FortiManager.
Scope
FortiManager, FortiAnalyzer, FortiCloud.
Solution
Pre-requisite:
Enable 'Allow admins to login with FortiCloud' in System Settings -> Admin -> SAML SSO.
- Only registered account ID/email with FortiAnalyzer/FortiManager serial number can access the device using SSO login without the need to create IAM user or permission profiles.
Example:
Registered email for FortiAnalyzer, serial number FAZ-VMTMXXXXXXXX john@test.com (Account ID: 9xxxxxx1).
When logged in using FortiCloud SSO in FortiAnalyzer, it will prompt to the FortiCloud login page, and proceed to access the EMAIL LOGIN page and enter john@test.com credentials.
- Other users need to create as IAM users inside john@test.com account and assigned Permission Profiles with FortiOS SSO for the users.
Example:
Permission Profiles named SSO user created with FortiOS SSO portal enabled, and SuperAdmin for Access Type.
Example: IAM user user1ssoforticloud@gmail.com created, and assigned SSO user for permission profiles
- After creating an IAM user, it must verify the email before logging in as FortiCloud SSO in FortiAnalyzer/FortiManager. Proceed to login using IAM LOGIN with john@test.com (Account ID: 9xxxxxx1) with user1ssoforticloud@gmail.com credentials.
Note:
Account ID is located under the dropdown username
- After verifying the IAM user email, log in from FortiAnalyzer/FortiManager using SSO FortiCloud.
