FortiGate
Rajneesh
Staff
Article Id 423690
Description
This article describes the SAML attributes that play an important role in the authentication of the supplicant.
Scope
FortiGate, FortiAuthenticator.
Solution

SAML (Security Assertion Markup Language) attributes are data elements included in a SAML authentication assertion that provide information about the authenticated user.

These attributes contain details such as the user's identity, roles, permissions, and other relevant information.

They are commonly used in Single Sign-On (SSO) and identity federation systems to enable seamless authentication and authorization.

 

The authentication of the user is successful only when the attribute name configured on the FortiGate matches the attribute name that the IdP sends in the assertion.

For example, the attributes configured on the FortiGate are shown below:

 

[Screenshot: SAML attributes configured on the FortiGate]

The same attributes should come in the SAML assertions from the IdP when the user is authenticated; otherwise, the authentication will fail.

 

In the SAML debug logs taken from the FortiGate, the response from the IdP shows attributes matching those configured on the FortiGate:

samld_send_common_reply [101]: Attr: 17, 31, magic=01090d809aa7a746
samld_send_common_reply [101]: Attr: 18, 29, 2025-12-18T09:17:49Z
samld_send_common_reply [98]: Attr: 10, 26, 'username' 'testuser'
samld_send_common_reply [98]: Attr: 10, 23, 'group' 'testuser'
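
As an added example (not part of the original article or any Fortinet tooling), the following Python script parses the name/value attribute lines in the samld debug output above and compares them with the names configured on the FortiGate. It assumes exact, case-sensitive name matching and the line layout shown in the log; the configured names are inferred from that log, and the second log sample is constructed.

```python
import re

# Matches the name/value attribute lines in the debug output shown above, e.g.
#   samld_send_common_reply [98]: Attr: 10, 26, 'username' 'testuser'
ATTR_RE = re.compile(r"samld_send_common_reply \[\d+\]: Attr: \d+, \d+, '([^']*)' '([^']*)'")

def parse_samld_attrs(log_text):
    """Return {attribute name: [values]} from samld debug output."""
    attrs = {}
    for name, value in ATTR_RE.findall(log_text):
        attrs.setdefault(name, []).append(value)
    return attrs

def check_attrs(configured, received):
    """Compare names configured on the FortiGate with names the IdP sent.

    Assumes an exact string comparison; a name that differs only in case is
    reported separately because it is easy to miss when reading the logs.
    """
    by_lower = {name.lower(): name for name in received}
    report = {}
    for name in configured:
        if name in received:
            report[name] = "match"
        elif name.lower() in by_lower:
            report[name] = "case-mismatch: IdP sent '%s'" % by_lower[name.lower()]
        else:
            report[name] = "missing"
    return report

# Names assumed to be configured on the FortiGate (inferred from the log above).
CONFIGURED = ["username", "group"]

# The two attribute lines from the article's debug output.
ARTICLE_LOG = """\
samld_send_common_reply [98]: Attr: 10, 26, 'username' 'testuser'
samld_send_common_reply [98]: Attr: 10, 23, 'group' 'testuser'
"""

# Constructed sample: the IdP sends a differently cased name and no 'group'.
CONSTRUCTED_LOG = """\
samld_send_common_reply [98]: Attr: 10, 26, 'Username' 'testuser'
samld_send_common_reply [98]: Attr: 10, 24, 'groups' 'testuser'
"""

if __name__ == "__main__":
    for label, log in (("article", ARTICLE_LOG), ("constructed", CONSTRUCTED_LOG)):
        print(label, check_attrs(CONFIGURED, parse_samld_attrs(log)))
```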