FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
This article describes the issue of getting a permission denied or 403 Forbidden page when trying to integrate an external captive portal with the Aruba Guest SSID in FortiAuthenticator.
Scope
FortiAuthenticator, Aruba AP.
Solution
Below error logs are observed in the FortiAuthenticator during the integration
Line 2662: date=2025-08-22 time=13:14:01+0000 oid=17969418 logid=20601 cat="Event" subcat="Authentication" level="error" nas="" action="Login" status="Failed" msg="Invalid HTTP parameters, ['Access point IP/hostname is not found in GET parameter when using guest portal;http parameters:apname=e8%3A10%3A98%3Ace%3A8e%3Acc&apmac=e8%3A10%3A98%3Ace%3A8e%3Acc']" user="" Line 2663: date=2025-08-22 time=13:14:01+0000 oid=17969417 logid=20601 cat="Event" subcat="Authentication" level="error" nas="" action="Login" status="Failed" msg="Invalid HTTP parameters, ['Access point IP/hostname is not found in GET parameter when using guest portal;http parameters:apname=e8%3A10%3A98%3Ace%3A8e%3Acc&apmac=e8%3A10%3A98%3Ace%3A8e%3Acc']" user=""
FortiAuthenticator has built-in support only for the following devices and does not support Aruba AP:
