Created on 02-13-2022 01:30 AM
Edited on 09-25-2023 09:30 PM
By Anthony_E
Description | This article describes the steps to configure SSL VPN with realms together with SAML authentication. |
Scope | FortiGate |
Solution |
An example of the SSL VPN configuration with realms is:
config vpn ssl settings
    set groups "Users"
end
config user saml
    edit "<saml-server-name>"
        set entity-id "https://<FortiGate IP/FQDN:port>/remote/saml/metadata/"
        set single-sign-on-url "https://<FortiGate IP/FQDN:port>/remote/saml/login/"
        set single-logout-url "https://<FortiGate IP/FQDN:port>/remote/saml/logout/"
        set idp-cert "<certificate provided by the IdP side>"
        set user-name "Username"
        set group-name "Groupname"
    next
end
When accessing SSL VPN web mode or FortiClient tunnel mode, the link will be similar to: https://<FortiGate IP/FQDN:port>/your_realm_name
Example of a configured link for web mode or FortiClient tunnel mode (screenshot not included): the link is entered as the Remote Gateway in the FortiClient connection entry.
Under 'config user saml', it is not necessary to define the realm on the SP side; the configuration shown below can be used for both scenarios, with and without realms.
config user saml
    edit "<saml-server-name>"
        set entity-id "https://<FortiGate IP/FQDN:port>/remote/saml/metadata/"
        set single-sign-on-url "https://<FortiGate IP/FQDN:port>/remote/saml/login/"
        set single-logout-url "https://<FortiGate IP/FQDN:port>/remote/saml/logout/"
        set idp-cert "<certificate provided by the IdP side>"
        set user-name "Username"
        set group-name "Groupname"
    next
end |
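The article shows the SAML SP settings and the realm-based login URL but not how the realm is tied to the SAML user group. The following is an added example (not part of the original article) of that glue: it assumes a SAML server object named "saml-sso" created as shown above, a user group "Users" that contains it, and a realm whose URL path is "your_realm_name"; the portal name "full-access" is the default portal name and is used here as an assumption.

```text
# Added example, not from the article: put the SAML server into the group
# that the SSL VPN authentication rule matches on.
config user group
    edit "Users"
        set member "saml-sso"
    next
end

# The realm is identified by its URL path; users reach it at
# https://<FortiGate IP/FQDN:port>/your_realm_name
config vpn ssl web realm
    edit "your_realm_name"
    next
end

# The authentication rule binds group, portal and realm together, so only
# SAML-authenticated members of "Users" logging in through this realm get
# the portal. The SAML server itself carries no realm setting.
config vpn ssl settings
    config authentication-rule
        edit 1
            set groups "Users"
            set portal "full-access"
            set realm "your_realm_name"
        next
    end
end
```

After applying this, confirm the mapping with 'diagnose vpn ssl list' once a user has logged in, checking that the session shows the expected group and realm.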