FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
This article describes the relevant XML configuration settings to help troubleshoot and resolve the issue.
Scope
Forticlient EMS.
Solution
XML Configuration Settings:
<save_username>0</save_username> (Not Active): This setting controls whether FortiClient should save the username. When set to '0,' FortiClient is configured not to save the username. This can affect SAML password saving because the username is often associated with the SAML authentication process.
<show_remember_password>1</show_remember_password>(Active): This setting controls whether FortiClient should display the 'Remember Password' option to users. When set to '1,' FortiClient is configured to display the 'Remember Password' option, which allows users to choose whether to save their passwords. Enabling this option can help address the issue of FortiClient not saving SAML passwords.
<dont_modify_cookies>1</dont_modify_cookies>: This setting controls whether FortiClient should modify cookies. When set to '1,' FortiClient is configured not to modify cookies. In some SAML authentication scenarios, modifying cookies may be necessary for proper password saving. Consider setting this to '0' if issues with SAML password saving are encoutered.
If there are issues with FortiClient not saving SAML passwords, follow these troubleshooting steps:
Check <save_username> Setting: Ensure that the <save_username> setting is correctly configured. If it is set to '0,' FortiClient will not save the username, which could affect SAML authentication.
Enable <show_remember_password> Setting: Verify that the <show_remember_password> setting is set to '1' to allow users to choose whether to save their passwords. This setting is essential for password-saving functionality.
Consider <dont_modify_cookies> Setting: If there are still issues, evaluate whether the <dont_modify_cookies> may be affecting SAML authentication. Try setting it to '0' to enable cookie modification, which may be required for password saving in specific SAML configurations.
Review SAML Configuration: Double-check the SAML authentication configuration to ensure it is correctly set up. Ensure that SAML single sign-on (SSO) is properly configured on both FortiClient and the SAML identity provider.
Update FortiClient EMS: Ensure that the latest version of FortiClient EMS is used, as updates and patches may address known issues related to SAML password saving.
