Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
odahy
Staff
Staff

Created on ‎01-26-2024 01:35 AM Edited on ‎12-22-2024 10:48 PM By Staff

Article Id 296247

Technical Tip: Failed to login using SAML with third parties

Description

This article describes how to fix login issues with third parties such as OKTA when using SAML.
Scope FortiGate v6.4, v7.0, 7.2 and v7.4.
Solution

A user might experience a SAML login issue with third parties such as OKTA. Using the  below SAML debug it is possible to find the following error:

 

diag debug application saml -1

samld_send_common_reply [122]:     Attr: 22, 32, Failed to verify signature.

 

The Signature verification failure relates to the certificate provided by the IDP (eg. OKTA) that needed to be uploaded to the certificate on the FortiGate and used in the SAML configuration as below.

 

config user saml

    edit "okta-idp"

        set idp-cert "Okta-IDP_Certificate"

    next

end

 

Related article:

SSL VPN with OKTA as SAML IdP
1255
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.