FortiGate
hbac
Staff
Article Id 241594
Description

This article explains a scenario where SAML authentication is configured correctly but the user receives an error when connecting to SSL VPN with SAML authentication. A workaround is included.

Scope

Any supported versions of FortiGate and FortiClient.
Solution

When the user connects to SSL VPN using SAML authentication, the error message 'login page did not respond within time limit' appears during the first attempt, followed by an 'ERR_EMPTY_RESPONSE' error. However, the user can connect on the second attempt without any errors.

 


 

This timeout error appears if the user's password has not been entered within the specified period, or when authentication to the SAML identity provider takes longer than the timeout configured on the FortiGate.

 

To prevent the issue from occurring, increase the remote authentication timeout accordingly with the following CLI commands:

 

    config system global
        set remoteauthtimeout 60
    end
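To confirm the setting in saved configuration backups, the following added example (not part of the original article and not Fortinet code) parses a backup and compares `remoteauthtimeout` with the number of seconds a SAML login needs. The sample backup text, the function names and the 45-second figure are assumptions constructed for illustration.

```python
# Constructed sample of a FortiOS configuration backup (not from a real device).
SAMPLE_BACKUP = """\
config system global
    set hostname "fgt-lab"
    set remoteauthtimeout 60
end
config user saml
    edit "idp-lab"
        set entity-id "https://vpn.example.test/remote/saml/metadata"
    next
end
"""

def global_settings(config_text):
    """Return the 'set' values found directly inside 'config system global'."""
    settings, stack = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            # Track nesting so the same keyword in another block is ignored.
            stack.append(line[len("config "):])
        elif line == "end" and stack:
            stack.pop()
        elif line.startswith("set ") and stack and stack[-1] == "system global":
            parts = line.split(None, 2)
            if len(parts) == 3:
                settings[parts[1]] = parts[2].strip('"')
    return settings

def check_remoteauthtimeout(config_text, needed_seconds):
    """Compare the configured timeout with the time a SAML login needs."""
    value = global_settings(config_text).get("remoteauthtimeout")
    if value is None:
        # Not present in the backup: the firmware default applies.
        return ("default", None)
    seconds = int(value)
    return ("ok" if seconds >= needed_seconds else "too-short", seconds)

if __name__ == "__main__":
    # needed_seconds is an assumed measurement of the IdP login duration.
    print(check_remoteauthtimeout(SAMPLE_BACKUP, needed_seconds=45))
```

A result of "default" or "too-short" marks a device where the first SAML login attempt can hit the timeout described above.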
