ssanga
Staff
Article Id 351169
Description This article describes how to resolve an issue observed in FortiOS versions 7.0.15 or 7.4.3 where users are unable to connect to SSL VPN using OneLogin as the IdP after performing an upgrade.
Scope FortiGate v7.0.15, v7.4.3.
Solution

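After upgrading FortiGate to FortiOS v7.0.15 or v7.4.3, OneLogin SSL VPN users may be unable to connect to the VPN. To verify the problem, run the debug commands below, reproduce the login attempt, and check the output for the "invalid character (13) in payload" message on /remote/saml/login.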

diagnose debug application samld -1
diagnose debug application sslvpnd -1
diagnose debug enable
.
.
2024-04-24 11:40:39 [15580:root:a]req: /remote/saml/login
2024-04-24 11:40:40 [15580:root:a]readPostLeave:151 invalid character (13) in payload (/remote/saml/login).
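
When the debug output has been saved to a file, the same check can be scripted. The Python below is an added example, not part of the original article or of any Fortinet tooling: it scans captured output for the "invalid character (N) in payload" signature and pairs each hit with the preceding req: line that carries the same bracketed prefix (character code 13 is the ASCII carriage return). The sample input is constructed from the two lines shown above plus one constructed line, and the function and field names are hypothetical.

```python
import re

# Constructed sample of saved debug output: the first two lines mirror the
# article's sslvpnd output, the third is a constructed, unaffected request.
SAMPLE = """\
diagnose debug enable
2024-04-24 11:40:39 [15580:root:a]req: /remote/saml/login
2024-04-24 11:40:40 [15580:root:a]readPostLeave:151 invalid character (13) in payload (/remote/saml/login).
2024-04-24 11:41:02 [15580:root:b]req: /remote/saml/login
"""

# "<date> <time> [<prefix>]<message>" as it appears in the article's output.
LINE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
                  r"\[(?P<ctx>[^\]]+)\](?P<msg>.*)$")
REQ = re.compile(r"^req: (?P<path>\S+)")
BAD = re.compile(r"invalid character \((?P<code>\d+)\) in payload "
                 r"\((?P<path>[^)]+)\)")


def find_rejected_posts(text):
    """Return one dict per rejected payload found in the debug capture."""
    pending = {}  # bracketed prefix -> (timestamp, path) of last req: line
    hits = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # CLI echo, "." filler, or lines in another format
        ctx, msg = m["ctx"], m["msg"]
        req = REQ.match(msg)
        bad = BAD.search(msg)
        if req:
            pending[ctx] = (m["ts"], req["path"])
        elif bad:
            req_ts, req_path = pending.pop(ctx, (None, None))
            code = int(bad["code"])
            hits.append({
                "time": m["ts"],
                "context": ctx,
                "path": bad["path"],
                "char_code": code,
                "char": repr(chr(code)),  # 13 -> '\r' (carriage return)
                # Only report the request time if the paths agree.
                "request_time": req_ts if req_path == bad["path"] else None,
            })
    return hits


if __name__ == "__main__":
    for hit in find_rejected_posts(SAMPLE):
        print(hit)
```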


This issue has been resolved in FortiOS versions 6.4.16, 7.0.16, 7.2.9, 7.4.5, and 7.6.0.

Logs required by FortiGate TAC for investigation:

  1. Debugs:

    diagnose debug application samld -1
    diagnose debug application sslvpnd -1
    diagnose debug timestamp enable
    diagnose debug enable
    <Reproduce the issue>
    diag debug disable

  2. TAC Report: execute tac report

  3. The configuration file of the FortiGate.