Description |
This article describes the troubleshooting steps and solution for a scenario where the SAML login page is stuck in a loop for wireless users who go through a Captive Portal to access the Internet, using SAML as the authentication method with Azure as the IdP.
After the user enters the username at the SAML login prompt, the browser may display the same login page again, so the user never sees an option to enter the password. After multiple tries, the user can encounter the page below:
|
Scope | FortiGate. |
Solution |
In such scenarios, traffic is most likely hitting a URL/FQDN that does not match any destination in the exempt firewall policy.
To identify the blocked URL, open the browser's developer tools by pressing F12 and look for URLs whose status code is not 200 OK.
For instance, in the screenshot below, https://aax0638.myidaptive.app does not return 200 OK and therefore shows an error.
Create a Firewall address object as mentioned below:
config firewall address
    edit "my.iadaptive"
        set type fqdn
        set fqdn "*.my.idaptive.*"
    next
end
After creating the address object, add it as a destination in the exempt firewall policy so that traffic to it is exempted from the Captive Portal.
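The browser check above can be repeated offline against a HAR file exported from the F12 Network tab. The following is an added example, not Fortinet code: it lists hosts that returned anything other than 200 OK and are not covered by the exempt FQDN patterns. The HAR excerpt and pattern list are constructed, and shell-style glob matching is assumed as an approximation of wildcard FQDN matching.

```python
import json
from fnmatch import fnmatch
from urllib.parse import urlsplit

# Constructed HAR excerpt (not captured from a real session).
# Browsers commonly record status 0 when a request never got a response.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://login.microsoftonline.com/common/saml2"},
     "response": {"status": 200}},
    {"request": {"url": "https://aax0638.myidaptive.app/login"},
     "response": {"status": 0}},
    {"request": {"url": "https://aax0638.myidaptive.app/static/app.js"},
     "response": {"status": 0}},
    {"request": {"url": "https://cdn.example.net/font.woff"},
     "response": {"status": 404}},
]}})

# Assumed destination list of the exempt policy (constructed for this example).
EXEMPT_PATTERNS = ["login.microsoftonline.com", "*.my.idaptive.*"]


def is_exempt(host, patterns):
    """True if host matches any exempt pattern (glob approximation)."""
    host = host.lower().rstrip(".")
    return any(fnmatch(host, p.lower()) for p in patterns)


def failing_hosts(har_text):
    """Map each host to the sorted non-200 statuses seen for it."""
    seen = {}
    for entry in json.loads(har_text)["log"]["entries"]:
        status = entry.get("response", {}).get("status", 0)
        if status == 200:
            continue
        host = urlsplit(entry["request"]["url"]).hostname
        if host:
            seen.setdefault(host, set()).add(status)
    return {host: sorted(codes) for host, codes in seen.items()}


def uncovered_hosts(har_text, patterns):
    """Hosts with non-200 responses that no exempt pattern covers."""
    return sorted(h for h in failing_hosts(har_text)
                  if not is_exempt(h, patterns))


if __name__ == "__main__":
    for host in uncovered_hosts(SAMPLE_HAR, EXEMPT_PATTERNS):
        print("not covered by exempt policy:", host)
```

Any host printed here needs either a matching address object in the exempt policy or a correction to an existing pattern.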
Related article: Technical Tip: Wireless Authentication using SAML Credentials and Azure as IdP |
Copyright 2025 Fortinet, Inc. All Rights Reserved.