pmanak
Staff
Article Id 361663
Description This article describes the behavior of FortiClient SAML authentication when SSLVPN web mode is disabled globally.
Scope FortiGate
Solution

Starting with FortiOS 7.4.1, a global command is available to disable sslvpn-web-mode, which prevents sslvpn-web-mode configuration in all SSLVPN portals.

 

config system global
    set sslvpn-web-mode disable
end


For further information on disabling sslvpn-web-mode, refer to this article.

 
When sslvpn-web-mode is disabled in the global settings and SAML authentication is enabled, the FortiClient internal browser returns a 403 Forbidden error during SAML authentication.

 



This behavior is not expected and has been resolved in firmware 7.6.1. To work around this issue, select 'Use external browser as user-agent for SAML user authentication' in FortiClient settings.
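To find devices where FortiClient users need the external-browser workaround, the check below reads a FortiGate configuration backup and flags the combination described above. It is an added example, not Fortinet code. It assumes the backup starts with a `#config-version=<model>-<x.y.z>-...` header, that a server defined under `config user saml` means SAML login is in use, and that every release from 7.4.1 up to (not including) 7.6.1 is affected; the sample backup is constructed.

```python
import re

OPTION_SINCE = (7, 4, 1)  # page: global sslvpn-web-mode command exists from FortiOS 7.4.1
FIXED_IN = (7, 6, 1)      # page: 403 behaviour resolved in firmware 7.6.1
# Assumption: every release in [OPTION_SINCE, FIXED_IN) shows the 403 behaviour.

# Constructed sample backup (not from a real device).
SAMPLE = """\
#config-version=FGVM64-7.4.3-FW-build0000-000000:opmode=0:vdom=0:user=admin
config system global
    set hostname "fw-example"
    set sslvpn-web-mode disable
end
config user saml
    edit "example-idp"
        set entity-id "https://vpn.example.com/remote/saml/metadata"
    next
end
"""

def parse_blocks(text):
    """Collect the lines of every 'config <name>' block, nested ones included."""
    blocks, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
            blocks.setdefault(stack[-1], [])
        elif line == "end" and stack:
            stack.pop()
        elif stack:
            blocks[stack[-1]].append(line)
    return blocks

def firmware_version(text):
    """Read (major, minor, patch) from the '#config-version=' header, if present."""
    m = re.search(r"^#config-version=\S*?-(\d+)\.(\d+)\.(\d+)-", text, re.M)
    return tuple(int(p) for p in m.groups()) if m else None

def check(text):
    """Report whether this backup matches the conditions for the 403 error."""
    blocks = parse_blocks(text)
    version = firmware_version(text)
    web_mode_off = "set sslvpn-web-mode disable" in blocks.get("system global", [])
    # Assumption: a server under 'config user saml' means SAML login is in use.
    saml = [l.split(None, 1)[1].strip('"') for l in blocks.get("user saml", [])
            if l.startswith("edit ")]
    in_range = version is not None and OPTION_SINCE <= version < FIXED_IN
    return {"version": version, "web_mode_disabled": web_mode_off,
            "saml_servers": saml, "affected": web_mode_off and bool(saml) and in_range}
```

A backup without the version header is reported as not affected, so check `version` for `None` before relying on the result.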


 
