FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 286062
Description This article describes the log that gets generated when trying to access the FortiGate with SSO administrator account via SSH/telnet stating the username of the administrator is invalid.
Scope FortiGate.

The Single Sign-on (SSO) administrator account works fine with GUI login but seems to fail when login is done via SSH.


This can appear in the logs as shown below:


date=2023-11-06 time=12:14:26 devid="FG201Fxxxxxxxxxx" devname="FGT_Test_Primary" eventtime=1699290866478902761 tz="-0600" logid="0100032002" type="event" subtype="system" level="alert" vd="root" logdesc="Admin login failed" sn="0" user="" ui="ssh(" method="ssh" srcip= dstip= action="login" status="failed" reason="name_invalid" msg="Administrator login failed from ssh( because of invalid user name"


The SSO login requires a browser window redirect to IdP for the user login.

This is expected/normal behavior since SSH terminal emulators do not have the integration at the application level to open a browser to get authentication done and pass the information to the SSH terminal emulator.


Administrator SSO login will work only for GUI access, but not SSH, telnet or console.