This article provides an example configuration for a VPNSSL + SAML solution that uses the OneLogin platform as the IdP.
User-SAML using OneLogin as IdP.
VPNSSL-Client ===== Internet ===> | FortiGate-VPNSSL
1) Configure the 'saml' profile:
2) Configure the user on FortiGate.
3) Set the authentication-rule in the VPNSSL settings, using the group previously configured.
4) Finally, test the VPNSSL connection. This example used WebMode, but the same solution applies with TunnelMode.
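The three configuration steps above as one FortiOS CLI sketch. This is an added example, not the configuration from the original article. The object names, the FortiGate host and port, the portal name, the `username` attribute and every OneLogin value are placeholders to be replaced with the values from your own FortiGate and OneLogin application.

```fortios
# Added example: every name and every <...> value below is a placeholder.

# 1) SAML profile: FortiGate is the service provider, OneLogin is the IdP.
config user saml
    edit "onelogin-saml"
        # SP side: certificate and URLs served by the FortiGate VPNSSL listener.
        set cert "<fortigate-server-cert>"
        set entity-id "https://<fortigate-fqdn>:<sslvpn-port>/remote/saml/metadata"
        set single-sign-on-url "https://<fortigate-fqdn>:<sslvpn-port>/remote/saml/login"
        set single-logout-url "https://<fortigate-fqdn>:<sslvpn-port>/remote/saml/logout"
        # IdP side: copy these from the OneLogin application's SSO settings.
        set idp-entity-id "<onelogin-issuer-url>"
        set idp-single-sign-on-url "<onelogin-saml-endpoint-url>"
        set idp-single-logout-url "<onelogin-slo-endpoint-url>"
        # OneLogin signing certificate, imported on the FortiGate as a remote
        # certificate. Assertions are validated against it, so it must be the
        # certificate of this exact OneLogin application.
        set idp-cert "<imported-onelogin-cert>"
        # SAML attribute carrying the login name (assumed to be "username";
        # it must match the parameter defined in the OneLogin application).
        set user-name "username"
    next
end

# 2) User group whose only member is the SAML profile.
config user group
    edit "saml-onelogin-grp"
        set member "onelogin-saml"
    next
end

# 3) Authentication rule binding that group to a VPNSSL portal.
config vpn ssl settings
    config authentication-rule
        edit 1
            set groups "saml-onelogin-grp"
            set portal "<sslvpn-portal-name>"
        next
    end
end
```

The SP URLs entered on the OneLogin side must match `entity-id` and `single-sign-on-url` exactly, including the port.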
If for some reason the redirection to the SAML-Authentication portal fails, use the debugs below
In case that SAML-Authentication portal redirection succeeds but the authentication fails at the end,