Created on 02-13-2022 01:30 AM Edited on 09-25-2023 09:30 PM By Anthony_E
Description | This article describes how to configure SSL VPN with realms and SAML authentication. |
Scope | FortiGate |
Solution |
An example of the SSLVPN configuration with realms is:
config vpn ssl settings
    set groups "Users"
end
config user saml
    set entity-id "https://<FortiGate IP/FQDN:port>/remote/saml/metadata/"
    set single-sign-on-url "https://<FortiGate IP/FQDN:port>/remote/saml/login/"
    set single-logout-url "https://<FortiGate IP/FQDN:port>/remote/saml/logout/"
    set idp-cert "This certificate will be provided from the IDP side"
    set user-name "Username"
    set group-name "Groupname"
end
When accessing SSL VPN web mode or FortiClient tunnel mode, the link will be similar to: https://<FortiGate IP/FQDN:port>/your_realm_name
Example of a configured link for web mode or FortiClient tunnel mode:
Connection entry on the FortiClient, the remote Gateway
Under 'config user saml', it is not necessary to define the realm on the SP side. The configuration shown below can be used in both scenarios, with and without realms.
config user saml
    set entity-id "https://<FortiGate IP/FQDN:port>/remote/saml/metadata/"
    set single-sign-on-url "https://<FortiGate IP/FQDN:port>/remote/saml/login/"
    set single-logout-url "https://<FortiGate IP/FQDN:port>/remote/saml/logout/"
    set idp-cert "This certificate will be provided from the IDP side"
    set user-name "Username"
    set group-name "Groupname"
end |
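An added example, not part of the original article and not Fortinet tooling: a small Python check that a 'config user saml' block uses the realm-free SP paths shown above, keeps all three URLs on one HTTPS host:port, and has an IdP certificate set. The host vpn.example.com:10443, the certificate name REMOTE_Cert_1 and the function names are assumptions made for the illustration, as is treating any deviation from the article's paths as a finding.

```python
import re
from urllib.parse import urlsplit

# SP paths exactly as they appear in the article's 'config user saml' block.
EXPECTED_PATHS = {
    "entity-id": "/remote/saml/metadata/",
    "single-sign-on-url": "/remote/saml/login/",
    "single-logout-url": "/remote/saml/logout/",
}

def parse_settings(block):
    """Return {key: value} for every 'set <key> "<value>"' line in a CLI block."""
    pattern = r'^\s*set\s+(\S+)\s+"?([^"\n]*?)"?\s*$'
    return dict(re.findall(pattern, block, flags=re.MULTILINE))

def check_saml_sp(block):
    """Return a list of findings; an empty list means the SP settings are consistent."""
    settings = parse_settings(block)
    findings, origins = [], set()
    for key, path in EXPECTED_PATHS.items():
        value = settings.get(key)
        if value is None:
            findings.append(f"{key}: not set")
            continue
        url = urlsplit(value)
        if url.scheme != "https":
            findings.append(f"{key}: scheme is not https")
        if url.path != path:  # e.g. a realm name prepended to the SP path
            findings.append(f"{key}: path {url.path!r}, expected {path!r}")
        origins.add(url.netloc.lower())
    if len(origins) > 1:
        findings.append("SP URLs use different hosts/ports: " + ", ".join(sorted(origins)))
    if not settings.get("idp-cert"):
        findings.append("idp-cert: not set, IdP responses cannot be verified")
    return findings

# Constructed sample input; host, port and certificate name are placeholders.
GOOD = '''config user saml
    set entity-id "https://vpn.example.com:10443/remote/saml/metadata/"
    set single-sign-on-url "https://vpn.example.com:10443/remote/saml/login/"
    set single-logout-url "https://vpn.example.com:10443/remote/saml/logout/"
    set idp-cert "REMOTE_Cert_1"
end'''
# Same block with a realm name placed in the SSO path, which the article's SP URLs do not have.
BAD = GOOD.replace("/remote/saml/login/", "/staff/remote/saml/login/")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_saml_sp(cfg) or "ok")
```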