FortiAuthenticator
FortiAuthenticator provides access management and single sign on.
pginete
Staff
Article Id 276165
Description

This article describes how to fix a failure to log in to the FortiMail GUI using SAML.

Scope

FortiAuthenticator.

FortiMail.

Solution

FortiMail – Service Provider (SP).

FortiAuthenticator – Identity Provider (IDP).

The following error is displayed when logging in to the FortiMail GUI using SAML:

'We’re sorry, but you cannot access this service at this time.

This service requires information about you that your identity provider did not release. To gain access to this service, your identity provider must release the required information.

You were trying to access the following URL:

https://<FortiMail IP>:<FortiMail HTTPS port>/adminsso/

For more information about this service, including what user information is required for access, please visit our information page.'

To fix it, configure the following on the FortiAuthenticator:

Under Assertion Attributes in Authentication -> SAML IdP -> Service Providers, use urn:oid:0.9.2342.19200300.100.1.3 as the SAML attribute and userPrincipalName as the User attribute. This applies when an AD account is used to log in to the FortiMail GUI.
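
To confirm the change took effect, the SAMLResponse posted to FortiMail can be captured in the browser's developer tools and checked for the attribute. The script below is an added example, not part of the original article or Fortinet tooling. It assumes a base64 SAMLResponse from the HTTP-POST binding with an unencrypted assertion, uses constructed sample responses and hypothetical function names, and only inspects attributes without verifying signatures.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
REQUIRED_ATTR = "urn:oid:0.9.2342.19200300.100.1.3"  # SAML attribute named in the article


def released_attributes(saml_response_b64):
    """Return {attribute Name: [values]} from a base64 SAMLResponse (HTTP-POST binding)."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def check_required(saml_response_b64, required=REQUIRED_ATTR):
    """Return (ok, message); ok is True only if the attribute has a non-empty value."""
    attrs = released_attributes(saml_response_b64)
    if required not in attrs:
        return False, f"missing {required}; IdP released: {sorted(attrs) or 'nothing'}"
    if not any(attrs[required]):
        return False, f"{required} present but empty (user attribute has no value?)"
    return True, f"{required} = {attrs[required]}"


def build_sample(attribute_xml):
    """Constructed, unsigned sample response for offline testing (assumption, not real traffic)."""
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
           f'<saml:Assertion><saml:AttributeStatement>{attribute_xml}'
           f'</saml:AttributeStatement></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()


# Constructed samples: one without the required attribute, one with it mapped.
BROKEN = build_sample('<saml:Attribute Name="username">'
                      '<saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>')
FIXED = build_sample(f'<saml:Attribute Name="{REQUIRED_ATTR}">'
                     '<saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>')

if __name__ == "__main__":
    for label, sample in (("before", BROKEN), ("after", FIXED)):
        print(label, check_required(sample))
```

An empty value for the attribute is reported separately from a missing attribute, since an AD account with no userPrincipalName set would produce the former.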