FortiGate
hbac, Staff
Article Id 379845
Description

This article describes an issue in which a user connects to a Dial-Up VPN tunnel using SAML authentication, and FortiClient shows a blank screen after the user authenticates on the SAML login page (Azure in this example).

[Image: blank page.PNG]

Scope

FortiOS v7.2.0 and above, FortiClient v7.2.4 and above.
Solution

This issue is caused by a SAML URL misconfiguration. To configure a Dial-Up VPN tunnel using SAML authentication, 'auth-ike-saml-port' must be specified in the CLI. By default, the port is set to 1001; in this example, it is set to port 10443.

config system global
    set auth-ike-saml-port 10443    <-- default port = 1001
end

However, the SAML URLs configured on the FortiGate and on Azure did not include port 10443.

[Image: SAML.PNG]

[Image: Azure.PNG]

To resolve the issue, include port 10443 in the URLs on both the FortiGate and Azure sides. After modifying the URLs, it is necessary to download the certificate from Azure again and re-import it to the FortiGate.
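The following is an added example, not part of the original article or Fortinet's own tooling: a small Python check that reads 'auth-ike-saml-port' from a 'config system global' excerpt and reports which SAML URLs (FortiGate side and IdP side) do not carry that port. The CLI excerpt and all URLs below are constructed for illustration; the hostnames and URL paths are assumptions, not values from the article.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# FortiOS default for auth-ike-saml-port, as stated in the article.
DEFAULT_AUTH_IKE_SAML_PORT = 1001

# Constructed CLI excerpt in the shape of the article's configuration.
FGT_CLI_SNIPPET = """\
config system global
    set auth-ike-saml-port 10443
end
"""

# Constructed SAML URLs. Hostname and paths are assumptions for the example;
# the single-sign-on URL is deliberately missing the port to show a finding.
FORTIGATE_SAML_URLS = {
    "entity-id": "https://fgt.example.com:10443/remote/saml/metadata/",
    "single-sign-on-url": "https://fgt.example.com/remote/saml/login",
    "single-logout-url": "https://fgt.example.com:10443/remote/saml/logout",
}

# Constructed IdP-side (Azure) URLs pointing back at the FortiGate.
AZURE_SAML_URLS = {
    "identifier": "https://fgt.example.com:10443/remote/saml/metadata/",
    "reply-url": "https://fgt.example.com/remote/saml/login",
    "logout-url": "https://fgt.example.com:10443/remote/saml/logout",
}


def parse_auth_ike_saml_port(cli_text: str) -> int:
    """Return auth-ike-saml-port from a 'config system global' excerpt.

    If the setting is absent, FortiOS uses the default, so the default is returned.
    """
    match = re.search(r"^\s*set\s+auth-ike-saml-port\s+(\d+)\s*$", cli_text, re.MULTILINE)
    return int(match.group(1)) if match else DEFAULT_AUTH_IKE_SAML_PORT


def effective_port(url: str) -> Optional[int]:
    """Port a client will actually use: explicit port, else the scheme default."""
    parts = urlsplit(url)
    if parts.port is not None:
        return parts.port
    return {"https": 443, "http": 80}.get(parts.scheme)


def find_mismatched_urls(urls: Dict[str, str], expected_port: int) -> List[str]:
    """Names of URLs whose effective port differs from the configured SAML port."""
    return sorted(name for name, url in urls.items() if effective_port(url) != expected_port)


def check_saml_port_consistency(
    cli_text: str, fortigate_urls: Dict[str, str], idp_urls: Dict[str, str]
) -> Dict[str, List[str]]:
    """Report mismatches on both sides against the port found in the CLI excerpt."""
    port = parse_auth_ike_saml_port(cli_text)
    return {
        "fortigate": find_mismatched_urls(fortigate_urls, port),
        "idp": find_mismatched_urls(idp_urls, port),
    }


if __name__ == "__main__":
    report = check_saml_port_consistency(FGT_CLI_SNIPPET, FORTIGATE_SAML_URLS, AZURE_SAML_URLS)
    port = parse_auth_ike_saml_port(FGT_CLI_SNIPPET)
    for side, names in report.items():
        for name in names:
            print(f"{side}: '{name}' does not use auth-ike-saml-port {port}")
```

A URL without an explicit port is treated as port 443 for https, which is exactly the case in the article: the browser and FortiClient reach the FortiGate on 443 instead of the IKE SAML port, so the flow never completes. Run the check again after editing both sides, and remember that the IdP certificate still has to be re-downloaded and re-imported as the article describes.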

[Image: Fixed urls.PNG]

[Image: Azure URLs.PNG]

Related article: 

Technical Tip: How to configure Microsoft Entra ID... - Fortinet Community