vermap
Staff
Article Id 382546
Description
This article describes troubleshooting steps for when the captive portal with SAML authentication fails to load for WiFi users with the error 'Firewall Authentication Failed'.

Scope
FortiGate.

Solution

When a user connects to the WiFi SSID and tries to access the captive portal page with SAML authentication, the browser is redirected, but the page shows the error 'Firewall Authentication Failed'.

This happens when the user group ID configured on FortiGate does not match the group ID in Azure.

The mismatch can also be verified with the following SAML debug commands:

diagnose debug console timestamp enable
diagnose debug application samld -1
diagnose debug enable

To resolve the issue, make sure the group ID is the same on FortiGate and in Azure, as shown below:

Capture-12.PNG

Alternatively, the group ID can be edited through the CLI:

Capture-210.PNG
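
The group ID comparison described above can also be done offline against a captured assertion. The following is an added example, not Fortinet code; it assumes the group claim is sent under the attribute name "group" and carries Azure group Object IDs, and the assertion and IDs shown are constructed sample values.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

# Constructed assertion fragment: attribute name "group" and both IDs are sample values.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="username">
      <saml:AttributeValue>wifi.user@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="group">
      <saml:AttributeValue>11111111-2222-3333-4444-555555555555</saml:AttributeValue>
      <saml:AttributeValue>aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def asserted_groups(assertion_xml, attr_name="group"):
    """Return the values of the group attribute carried in the assertion."""
    # ElementTree is fine for a locally captured file; use defusedxml for untrusted XML.
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iter("{%s}Attribute" % NS["saml"]):
        if attr.get("Name") == attr_name:
            values += [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
    return values

def check_group(assertion_xml, configured_id, attr_name="group"):
    """Compare the group ID configured on the firewall with the asserted IDs."""
    groups = asserted_groups(assertion_xml, attr_name)
    if not groups:
        return "no-group-attribute"            # claim missing or sent under another name
    if configured_id in groups:
        return "match"
    if configured_id.strip().lower() in (g.lower() for g in groups):
        return "mismatch-case-or-whitespace"   # same ID, but typed differently
    if not GUID.match(configured_id.strip()):
        return "mismatch-configured-value-is-not-an-object-id"  # e.g. a display name
    return "mismatch-id-not-in-assertion"      # user is not in that Azure group

if __name__ == "__main__":
    for cfg in ("11111111-2222-3333-4444-555555555555", "WiFi-Users"):
        print(cfg, "->", check_group(SAMPLE_ASSERTION, cfg))
```
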

Note:
If the issue is observed after upgrading to v7.2.12, v7.4.9, or v7.6.4 and the SAML debug output shows the error 'Signature element not found', refer to this document for more information: Troubleshooting Tip: SAML Authentication fails after firmware upgrade to v7.2.12, v7.4.9 or v7.6.4.
