This article describes the case where connecting to SSL VPN redirects directly to the login page and the SSO login button is not displayed.
FortiOS 7.0 and 7.2.
Configuration:
With only the SAML group configured, the page is redirected to the Microsoft login:
# config firewall policy
edit 6
set name "Joshi"
set uuid 87964224-b824-51ed-d77a-b96b4478c200
set srcintf "ssl.root"
set dstintf "port2"
set action accept
set srcaddr "SSLVPN_TUNNEL_ADDR1"
set dstaddr "all"
set schedule "always"
set service "ALL"
set logtraffic all
set nat enable
set groups "SAML"
end
With multiple groups configured, the login page offers the option to select SSO login:
# config firewall policy
edit 6
set name "Joshi"
set uuid 87964224-b824-51ed-d77a-b96b4478c200
set srcintf "ssl.root"
set dstintf "port2"
set action accept
set srcaddr "SSLVPN_TUNNEL_ADDR1"
set dstaddr "all"
set schedule "always"
set service "ALL"
set logtraffic all
set nat enable
set groups "SAML" "LDAP group" "local"
end
Resolution:
Add another local or remote server group to the same firewall policy, and the SSO login button should be displayed.
Having only the SAML group configured, FortiGate automatically redirects to the Microsoft login page.
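To check a saved configuration for this condition, the following added example (not Fortinet code) parses a `config firewall policy` block and reports which SSL VPN policies reference only SAML groups and which mix SAML with other groups. The function names are hypothetical, the sample configuration is constructed, and the set of SAML-backed group names is an assumption supplied by the caller, because the policy block alone does not say which groups are SAML.

```python
import shlex

# Constructed sample modelled on the article's policy 6 (ids 7 and 8 are made up).
SAMPLE_CONFIG = """
config firewall policy
    edit 6
        set srcintf "ssl.root"
        set groups "SAML"
    next
    edit 7
        set srcintf "ssl.root"
        set groups "SAML" "LDAP group" "local"
    next
    edit 8
        set srcintf "port2"
        set groups "SAML"
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {setting: [values]}} for 'config firewall policy'."""
    policies, current, in_block = {}, None, False
    # lstrip("# ") tolerates indentation and a leading CLI prompt marker
    lines = (shlex.split(raw.lstrip("# ")) for raw in text.splitlines())
    for tokens in filter(None, lines):  # skip blank lines
        if tokens[:3] == ["config", "firewall", "policy"]:
            in_block = True
        elif tokens[0] in ("next", "end"):
            current, in_block = None, in_block and tokens[0] != "end"
        elif in_block and tokens[0] == "edit" and len(tokens) > 1:
            current = policies.setdefault(tokens[1], {})
        elif tokens[0] == "set" and current is not None and len(tokens) > 2:
            current[tokens[1]] = tokens[2:]
    return policies

def login_behaviour(policies, saml_groups, vpn_intf="ssl.root"):
    """Classify SSL VPN policies by the behaviour the article describes."""
    result = {}
    for pid, cfg in policies.items():
        groups = cfg.get("groups", [])
        if vpn_intf not in cfg.get("srcintf", []) or not groups:
            continue  # not an SSL VPN policy, or no user groups set
        if all(g in saml_groups for g in groups):
            result[pid] = "redirects straight to IdP login"
        elif any(g in saml_groups for g in groups):
            result[pid] = "login page with SSO button"
    return result

print(login_behaviour(parse_policies(SAMPLE_CONFIG), {"SAML"}))
```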
Copyright 2024 Fortinet, Inc. All Rights Reserved.