FortiGate
js2
Staff
Article Id 248414
Description

 

This article describes the case where connecting to SSL VPN redirects directly to the login page and does not display the SSO login button.

 

Scope

 

FortiOS 7.0 and 7.2.

 

Solution

 

Configuration:

 

When only the SAML group is configured in the firewall policy, the page is redirected to the Microsoft login:

 

# config firewall policy
    edit 6
        set name "Joshi"
        set uuid 87964224-b824-51ed-d77a-b96b4478c200
        set srcintf "ssl.root"
        set dstintf "port2"
        set action accept
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
        set groups "SAML"
end

 

[Screenshot: Microsoft login.PNG]

 

When multiple groups are configured in the firewall policy, the login page offers the option to select SSO login:

 

# config firewall policy
    edit 6
        set name "Joshi"
        set uuid 87964224-b824-51ed-d77a-b96b4478c200
        set srcintf "ssl.root"
        set dstintf "port2"
        set action accept
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
        set groups "SAML" "LDAP group" "local"
end

 

[Screenshot: sso button lab.PNG]

 

Resolution:

 

Add another local or remote server group to the same firewall policy; the SSO login button should then be displayed.

 

Having only the SAML group configured, FortiGate automatically redirects to the Microsoft login page.
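
The following Python script is an added example, not part of the original article and not Fortinet tooling. It parses an exported `config firewall policy` block and reports, for each `ssl.root` policy, which of the two login behaviors described above applies. The set of SAML-backed group names is an assumption supplied by the caller, and the sample configurations are constructed from the article's two snippets.

```python
import shlex

# Constructed samples, shortened from the article's two policy snippets.
ONLY_SAML = '''
# config firewall policy
    edit 6
        set srcintf "ssl.root"
        set groups "SAML"
end
'''
MULTI_GROUP = ONLY_SAML.replace('set groups "SAML"',
                                'set groups "SAML" "LDAP group" "local"')

def parse_policies(config_text):
    """Return {policy_id: {setting: [values]}} for each 'edit' entry."""
    policies, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip().lstrip("#").strip()  # drop a leading CLI prompt
        if not line:
            continue
        tokens = shlex.split(line)  # keeps quoted names like "LDAP group" whole
        if tokens[0] == "edit" and len(tokens) > 1:
            current = policies.setdefault(tokens[1], {})
        elif tokens[0] == "set" and current is not None and len(tokens) > 2:
            current[tokens[1]] = tokens[2:]
        elif tokens[0] in ("next", "end"):
            current = None
    return policies

def sslvpn_login_behavior(config_text, saml_groups):
    """Classify each ssl.root policy by the behavior the article describes."""
    # Assumption: saml_groups names the user groups backed by a SAML server;
    # the article's snippets do not show the user group definitions.
    result = {}
    for pid, settings in parse_policies(config_text).items():
        if "ssl.root" not in settings.get("srcintf", []):
            continue
        groups = settings.get("groups", [])
        saml = [g for g in groups if g in saml_groups]
        if not saml:
            result[pid] = "no-saml-group"    # outside the article's scope
        elif len(saml) == len(groups):
            result[pid] = "redirect-to-idp"  # only SAML: no SSO button
        else:
            result[pid] = "sso-button"       # SAML plus other groups
    return result

if __name__ == "__main__":
    for name, cfg in (("only SAML", ONLY_SAML), ("multiple", MULTI_GROUP)):
        print(name, sslvpn_login_behavior(cfg, {"SAML"}))
```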
