Technical Tip: SAML SP SingleLogoutService in Fort...

FortiMail

FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats

Article Id 361810

Description

This article describes how to avoid SAML logout issues in FortiMail. By default, there is no SingleLogoutService in Fortimail SP metadata. Therefore, some SAML IDPs can send the LogoutResponse to the wrong destination in the SP which causes SAML errors.

Scope

FortiMail 7.0, 7.2, 7.4.

Solution

Configure the 'Logout Service POST Binding URL' or 'SP SLS (logout) URL' (naming depends on IDP) field to 'https://<fortimail_ip>/sso/Logout' in IDP to avoid SAML errors while logging out of SAML. For example, FortiAuthenticator as IDP:

Contributors

azhunissov
Stephen_G

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Terms of Service
Privacy Policy
GDPR
Cookie Settings

Technical Tip: SAML SP SingleLogoutService in FortiMail