Description
This article describes how to resolve the issue in SAML authentication when the error shows:
'Sorry, but we’re having trouble signing you in.
AADSTS700016: Application with identifier 'https://10.230.3.239:1003/remote/saml/metadata/' was not found in the directory 'Default Directory'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.'
Scope
FortiGate v7.2.5 as SP, MS Azure as IdP.
Solution
In this setup, a captive portal for SAML authentication is configured for LAN users on the FortiGate. When a user accesses a website, they are redirected to the Microsoft authentication page before reaching the actual website.
After a user signs in to the Azure authentication page, the error shows: 'Sorry, but we’re having trouble signing you in.
AADSTS700016: Application with identifier 'https://10.230.3.239:1003/remote/saml/metadata/' was not found in the directory 'Default Directory'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.'
Double-check that the entity-id configured on Azure matches the entity-id configured on the FortiGate.
Azure:
FortiGate:
In this example, the entity-id on Azure uses 'HTTPS' while the entity-id on FortiGate uses 'HTTP'. Azure looks up the application by the exact identifier the FortiGate sends as the SAML Issuer, so even a difference in scheme is enough to produce AADSTS700016. To resolve the issue, either change the entity-id on Azure to 'HTTP' to match the FortiGate's, or change the entity-id on FortiGate to 'HTTPS' to match Azure's.
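One way to confirm the mismatch without screenshots is to decode the SAMLRequest the FortiGate sends to Azure and compare its Issuer against the identifier configured on the Azure side. The script below is an added example, not Fortinet code; it assumes the HTTP-Redirect binding (DEFLATE + base64 in the SAMLRequest query parameter) and uses a constructed AuthnRequest with the entity-ids from this article.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SAML_NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
           "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Entity-ids from the article: FortiGate sends HTTP, Azure expects HTTPS.
SP_ENTITY_ID = "http://10.230.3.239:1003/remote/saml/metadata/"
AZURE_IDENTIFIER = "https://10.230.3.239:1003/remote/saml/metadata/"

# Constructed AuthnRequest (not a real capture), minimal but well-formed.
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example" '
    'Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
    f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>"
)

def encode_redirect_param(xml_text: str) -> str:
    """Encode as the HTTP-Redirect binding does: raw DEFLATE, then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = comp.compress(xml_text.encode()) + comp.flush()
    return base64.b64encode(raw).decode()

def extract_issuer(saml_request_param: str) -> str:
    """Decode a SAMLRequest query value and return the <saml:Issuer> text."""
    xml_bytes = zlib.decompress(base64.b64decode(saml_request_param), -15)
    issuer = ET.fromstring(xml_bytes).find("saml:Issuer", SAML_NS)
    if issuer is None or not issuer.text:
        raise ValueError("AuthnRequest carries no Issuer element")
    return issuer.text.strip()

def entity_id_mismatches(sp_id: str, idp_id: str) -> list:
    """Azure matches the Issuer exactly; report which URL parts differ."""
    if sp_id == idp_id:
        return []
    a, b = urlsplit(sp_id), urlsplit(idp_id)
    diffs = [f"{p}: SP={getattr(a, p)!r} IdP={getattr(b, p)!r}"
             for p in ("scheme", "netloc", "path")
             if getattr(a, p) != getattr(b, p)]
    # Same parts but different strings: e.g. case or query differences.
    return diffs or ["strings differ (check case, query, trailing slash)"]

if __name__ == "__main__":
    issuer = extract_issuer(encode_redirect_param(SAMPLE_AUTHN_REQUEST))
    for d in entity_id_mismatches(issuer, AZURE_IDENTIFIER):
        print("entity-id mismatch ->", d)
```

With a real capture, paste the SAMLRequest value from the redirect URL into extract_issuer and the Azure 'Identifier (Entity ID)' value into entity_id_mismatches; an empty list means the two sides agree.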
Once the entity-ids on Azure and FortiGate match, the SAML LAN user should be able to authenticate successfully and be redirected to the website.
Check the authenticated SAML user on FortiGate. From GUI:
From CLI:
FG-VM (root) # dia firewall auth list
10.230.3.100, pearl
----- 1 listed, 0 filtered ------
Related documents: Outbound firewall authentication with Azure AD as a SAML IdP
Copyright 2024 Fortinet, Inc. All Rights Reserved.