FortiGate
Rajneesh
Staff
Article Id 422594
Description This article describes the issue where SAML authentication for the user fails while FortiAuthenticator is acting as the IdP. The end user is shown the following error message: '403 Forbidden You are not allowed to access this resource Please contact your Administrator.'
Scope FortiGate, FortiAuthenticator.
Solution

In the attached image, the following error is shown to the end user after SAML authentication:

[Screenshot: the 403 Forbidden error page shown to the end user]

This is caused by misconfigured SAML SP Metadata, as shown in the image:

[Screenshot: the misconfigured SAML SP Metadata entry]

The same can be verified in the FortiAuthenticator logs.

[Screenshot: the corresponding FortiAuthenticator log entry]

The correct SAML SP Metadata is:

Entity ID: http://192.168.1.1:1003/remote/saml/metadata/
ACS (login) URL: https://192.168.1.1:1003/remote/saml/login
SLS (logout) URL: https://192.168.1.1:1003/remote/saml/logout

[Screenshot: the corrected SAML SP Metadata entry]

Once the SP Metadata is corrected so that it matches the FortiGate's SP configuration exactly, SAML authentication succeeds without any issue.

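As an added example (not part of this article or of any Fortinet tool), the Python script below parses the SP metadata document that a FortiGate serves at /remote/saml/metadata/ and reports every field that differs from the entry configured on the IdP side. Both the metadata and the IdP-side values are constructed samples; the IdP's ACS URL is deliberately entered without the port to reproduce the kind of mismatch that leads to the 403 error.

```python
# Added example (not from the Fortinet article): parse a SAML SP's metadata
# and compare it with the entity ID / ACS / SLS values entered on the IdP side.
import xml.etree.ElementTree as ET

MD = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample in the shape FortiGate serves at /remote/saml/metadata/,
# using the three URLs the article lists as correct.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://192.168.1.1:1003/remote/saml/metadata/">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://192.168.1.1:1003/remote/saml/logout"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://192.168.1.1:1003/remote/saml/login" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Assumed IdP-side SP entry (constructed): the ACS URL was typed without the port.
IDP_SP_ENTRY = {
    "entity_id": "http://192.168.1.1:1003/remote/saml/metadata/",
    "acs_url": "https://192.168.1.1/remote/saml/login",
    "sls_url": "https://192.168.1.1:1003/remote/saml/logout",
}

def parse_sp_metadata(xml_text):
    """Return entity ID, ACS URL and SLS URL from SP metadata XML."""
    root = ET.fromstring(xml_text)
    sso = root.find("md:SPSSODescriptor", MD)
    if sso is None:
        raise ValueError("metadata has no SPSSODescriptor")
    acs = sso.find("md:AssertionConsumerService", MD)
    sls = sso.find("md:SingleLogoutService", MD)
    return {
        "entity_id": root.get("entityID"),
        "acs_url": None if acs is None else acs.get("Location"),
        "sls_url": None if sls is None else sls.get("Location"),
    }

def find_mismatches(sp_values, idp_entry):
    """Exact comparison: scheme, port or trailing-slash differences all count,
    because the IdP rejects a request whose issuer/ACS it does not recognise."""
    return {k: (idp_entry.get(k), v) for k, v in sp_values.items()
            if v != idp_entry.get(k)}

if __name__ == "__main__":
    for field, (on_idp, on_sp) in find_mismatches(
            parse_sp_metadata(SP_METADATA), IDP_SP_ENTRY).items():
        print(f"{field}: IdP has {on_idp!r}, SP metadata says {on_sp!r}")
```

Against a live FortiGate the metadata text would be fetched from the /remote/saml/metadata/ URL instead of the embedded sample; an empty result from find_mismatches means the IdP entry matches what the SP actually sends.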

The administration guide explaining how to configure FortiAuthenticator as a SAML Identity Provider (IdP) can be found here:

Configuring FortiAuthenticator as SAML IdP and FortiGate as SAML SP