ssteo
Staff
Article Id 249504
Description This article describes how to resolve an SSL VPN SAML login failure that logs the error 'Audience is invalid!' when Okta is the SAML identity provider.
Scope FortiGate, Okta as SAML identity provider
Solution

SSL VPN SAML login was configured on the FortiGate with Okta as the SAML identity provider, but users were unable to connect.

Run "diagnose debug application samld -1" followed by "diagnose debug enable", then reproduce the login attempt. The SAML daemon debug shows the error below:

__samld_sp_login_resp [871]: Audience is invalid!
samld_send_common_reply [114]: Code: 6, id: 1168, data_len: 43
samld_send_common_reply [122]: Attr: 22, 8, ÿÿ
samld_send_common_reply [122]: Attr: 23, 21, Undefined error.

"Audience is invalid!" means that the Audience value carried in the SAML assertion sent by Okta does not match the Service Provider entity ID configured on the FortiGate ("set entity-id" under "config user saml"). The comparison is an exact string match, so a different scheme (http vs https), hostname, port, or a missing or extra trailing slash is enough to fail it.

Re-check that the entity-id on the FortiGate ("show user saml") is identical to the "Audience URI (SP Entity ID)" value in the Okta application's SAML settings, and correct whichever side is wrong.
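To make the mismatch concrete, the following Python script is an added illustration (not FortiGate or Okta code) of the audience check a SAML Service Provider performs on the assertion. The SAML Response is a constructed, trimmed sample (no signature) shaped like what Okta posts to the FortiGate, and the entity IDs (vpn.example.com, port 10443, the Okta issuer) are placeholders: Okta's Audience URI was entered without the trailing slash that the FortiGate's entity-id carries, which is enough to produce "Audience is invalid!".

```python
"""Check a SAML Response's AudienceRestriction against an SP entity ID.

Added illustration, not FortiGate or Okta code. The XML below is a
constructed, trimmed SAML Response (no Signature); all URLs and IDs are
placeholders. For real, untrusted XML use defusedxml rather than stdlib
ElementTree; the check itself is the same.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample: Okta's "Audience URI (SP Entity ID)" was entered
# WITHOUT the trailing slash that the FortiGate's entity-id has.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="id1" Version="2.0" IssueInstant="2023-03-01T10:00:00Z"
                Destination="https://vpn.example.com:10443/remote/saml/login">
  <saml:Issuer>http://www.okta.com/exk0000000000000000</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion ID="id2" Version="2.0" IssueInstant="2023-03-01T10:00:00Z">
    <saml:Issuer>http://www.okta.com/exk0000000000000000</saml:Issuer>
    <saml:Subject>
      <saml:NameID>alice@example.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2023-03-01T09:55:00Z"
                     NotOnOrAfter="2023-03-01T10:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://vpn.example.com:10443/remote/saml/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>
"""

# Assumed value of "set entity-id" under "config user saml" on the FortiGate.
FGT_SP_ENTITY_ID = "https://vpn.example.com:10443/remote/saml/metadata/"


def extract_audiences(response_xml: str) -> list[str]:
    """Return every <saml:Audience> value found in the Response's assertions."""
    root = ET.fromstring(response_xml)
    path = "./saml:Assertion/saml:Conditions/saml:AudienceRestriction/saml:Audience"
    return [(el.text or "").strip() for el in root.findall(path, NS)]


def audience_is_valid(response_xml: str, sp_entity_id: str) -> bool:
    """An AudienceRestriction is satisfied only if the SP's entity ID appears
    among the Audience values, compared as exact strings: no normalisation
    of scheme, case, port or trailing slash."""
    return sp_entity_id in extract_audiences(response_xml)


def explain_mismatch(audience: str, sp_entity_id: str) -> list[str]:
    """Name the URL components that differ between the assertion's Audience
    and the SP entity ID, i.e. what to correct in Okta or on the FortiGate."""
    a, b = urlsplit(audience), urlsplit(sp_entity_id)
    reasons = []
    if a.scheme != b.scheme:
        reasons.append(f"scheme: {a.scheme!r} vs {b.scheme!r}")
    if a.hostname != b.hostname:
        reasons.append(f"host: {a.hostname!r} vs {b.hostname!r}")
    if a.port != b.port:
        reasons.append(f"port: {a.port!r} vs {b.port!r}")
    if a.path != b.path:
        if a.path.rstrip("/") == b.path.rstrip("/"):
            reasons.append("trailing slash differs")
        else:
            reasons.append(f"path: {a.path!r} vs {b.path!r}")
    if not reasons and audience != sp_entity_id:
        reasons.append("strings differ (check query string or case)")
    return reasons


if __name__ == "__main__":
    audiences = extract_audiences(SAMPLE_RESPONSE)
    print("Audience(s) in assertion:", audiences)
    print("SP entity-id on FortiGate:", FGT_SP_ENTITY_ID)
    if audience_is_valid(SAMPLE_RESPONSE, FGT_SP_ENTITY_ID):
        print("Audience OK")
    else:
        for aud in audiences:
            print("Audience is invalid:", explain_mismatch(aud, FGT_SP_ENTITY_ID))
```

Running it reports the single differing component (the trailing slash). Pasting a real Response captured from the browser's SAML POST into SAMPLE_RESPONSE gives the same answer for a live mismatch, without needing the FortiGate debug to spell out which side is wrong.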