Description | This article describes an SSL VPN connection failure with the error 'Audience is invalid!' when Okta is the SAML identity provider. |
Scope | FortiGate, Okta as SAML identity provider |
Solution |
FortiGate is configured for SSL VPN SAML login with Okta as the SAML identity provider, but the connection fails. Run the command "diagnose debug application samld -1"; it shows the error below: __samld_sp_login_resp [871]: Audience is invalid!
"Audience is invalid" indicates that the FortiGate Service Provider "entity-id" under user saml is configured differently from the Okta settings.
Re-check that the URL in FortiGate is configured the same as in the Okta settings. |
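One way to see the mismatch directly, as an added example (not Fortinet's or Okta's code): the script extracts the Audience values from a captured base64 SAMLResponse and reports how each differs from the SP entity-id. The host, port and path in the sample are constructed placeholders, and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def audiences(saml_response_b64):
    """Return every <Audience> value in a base64-encoded SAMLResponse.
    Diagnostic only: no signature or schema validation is performed."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    path = ".//saml:Conditions/saml:AudienceRestriction/saml:Audience"
    return [(a.text or "").strip() for a in root.iterfind(path, SAML_NS)]

def explain_mismatch(entity_id, audience):
    """Name the first URL component in which the two values differ."""
    if entity_id == audience:
        return "match"
    e, a = urlsplit(entity_id), urlsplit(audience)
    if e.scheme != a.scheme:
        return "scheme differs"
    if e.hostname != a.hostname:
        return "host differs"
    if e.port != a.port:
        return "port differs"
    if e.path != a.path:
        same_stem = e.path.rstrip("/") == a.path.rstrip("/")
        return "trailing slash differs" if same_stem else "path differs"
    return "other difference (case, query or whitespace)"

def check(entity_id, saml_response_b64):
    """Exact string comparison of the entity-id against each Audience."""
    found = audiences(saml_response_b64)
    if entity_id in found:
        return True, []
    return False, [(a, explain_mismatch(entity_id, a)) for a in found]

# Constructed sample: the Audience carries a trailing slash the entity-id lacks.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
    '<saml:Conditions><saml:AudienceRestriction><saml:Audience>'
    'https://vpn.example.com:10443/remote/saml/metadata/'
    '</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
    '</saml:Assertion></samlp:Response>')
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    # Placeholder entity-id, standing in for the value under user saml.
    print(check("https://vpn.example.com:10443/remote/saml/metadata", SAMPLE_B64))
```

The comparison is an exact string match, so a difference in scheme, port, or a single trailing slash is enough to produce the error.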
Copyright 2024 Fortinet, Inc. All Rights Reserved.