FortiGate
Vichu_94
Staff

Description
This article describes how to resolve the error message 'The identifier of a provider is unknown to #LassoServer' that appears in the samld logs on the firewall.

 

Scope

FortiGate.

 

Solution

Troubleshooting:

 

To view the SAML logs on the firewall, run the commands below.

 

# diagnose debug application samld -1

# diagnose debug enable

This will allow viewing of the SAML logs on the firewall. 

 

The following error may appear in the SAML logs:


The identifier of a provider is unknown to #LassoServer. To register a provider in a #LassoServer object, you must use the methods lasso_server_add_provider() or lasso_server_add_provider_from_buffer()

To fix the issue, add a '/' at the end of the URL set for idp-entity-id in the SAML config.

 

Example:

Working config:


# config user saml

edit <Name>           // Replace Name with the SAML name in the config

set idp-entity-id https://sts.windows.net/7....../

end 


Non-Working config:

 

# config user saml

edit <Name>           // Replace Name with the SAML name in the config

set idp-entity-id https://sts.windows.net/7......

end 

 

In the working config, a '/' was added at the end of the URL for the IdP entity ID in the SAML user configuration.
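A pre-change check for the mismatch described above, as an added example (not Fortinet's code and not part of the original article). It assumes the IdP publishes its entity ID with the trailing '/' in its federation metadata and that the two identifiers are compared as exact strings; the tenant ID, the "azure-sso" entry name and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs: placeholder tenant ID and entry name, not from the article.
IDP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</EntityDescriptor>"""

FGT_CONFIG = """config user saml
    edit "azure-sso"
        set idp-entity-id "https://sts.windows.net/00000000-0000-0000-0000-000000000000"
    next
end"""


def metadata_entity_id(metadata_xml):
    """Return the entityID attribute of the metadata root element."""
    return ET.fromstring(metadata_xml).attrib["entityID"]


def configured_entity_ids(config_text):
    """Map each 'edit <name>' entry under 'config user saml' to its idp-entity-id."""
    result, name, in_saml = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip().lstrip("#").strip()  # tolerate a pasted '# ' CLI prompt
        if line == "config user saml":
            in_saml = True
        elif line == "end":
            in_saml = False
        elif in_saml and (m := re.match(r'edit\s+"?([^"\s]+)"?', line)):
            name = m.group(1)
        elif in_saml and name and (m := re.match(r'set\s+idp-entity-id\s+"?([^"\s]+)"?', line)):
            result[name] = m.group(1)
    return result


def check(config_text, metadata_xml):
    """Compare each idp-entity-id with the metadata entityID (assumed exact-string match)."""
    advertised = metadata_entity_id(metadata_xml)
    verdicts = {}
    for name, configured in configured_entity_ids(config_text).items():
        if configured == advertised:
            verdicts[name] = "match"
        elif configured.rstrip("/") == advertised.rstrip("/"):
            verdicts[name] = "trailing-slash mismatch"
        else:
            verdicts[name] = "different entity ID"
    return verdicts
```

Calling `check(FGT_CONFIG, IDP_METADATA)` on the sample inputs reports the "azure-sso" entry as a trailing-slash mismatch, which is the condition the non-working config above illustrates.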
