Description: This article describes how to configure FortiPortal SSO remote authentication using the FortiAuthenticator SAML service.
Scope: FortiPortal, FortiAuthenticator.
Solution:
SAML Identity Provider (IdP): FortiAuthenticator.
SAML Parameters Mapping:
Configuration Steps:
(A) FortiAuthenticator (IdP).
Note:
1. Create user groups. Note: This value will be used to find a match for the FPC Role Attribute.
2. Create a local user or a remote user and add it to the newly created user group. Note: This value will be used to find a match for the FPC Site Attribute.
Note: The email domain value will be used to check whether the user belongs to an FPC customer or is an FPC administrator.
4. Edit the user's Last name with the domain value, e.g. custserver.com. Note: This value will be used to find a match for the FPC Tenant Identification Attribute.
6. Enable the SAML Identity Provider portal and enter the details.
7. Go to FortiAuthenticator -> SAML IdP -> Service Providers -> Create New.
9. Enter the SP metadata. The value must be the same as the one configured in the FPC SSO settings.
It is possible to return to this page and enter the value after finishing the configuration in FPC.
10. Configure the authentication method and the Assertion Attribute Configuration as shown below:
11. Map the Assertion Attribute Configuration settings as shown below:
The SAML attribute names must be the same as those in the FPC SSO settings.
12. Verify the parameters and select OK.
(B) FortiPortal.
1. Go to FortiPortal -> Customers -> Domains -> Key in the domain value -> Select Create. Note: This value will be used to find a match for the FPC Tenant Identification Attribute.
2. Go to FortiPortal -> Customers -> Sites -> Site Names.
This value will be used to find a match for FPC Site Attribute.
3. Next, go to FortiPortal -> Admin -> Settings -> User Authentication.
Example:
7. Select Submit and reboot FortiPortal.
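The steps in (A) and (B) rely on four values matching across the two products: the IdP user group against the FPC Role Attribute, the site name against the FPC Site Attribute, the user's Last name against the customer domain (Tenant Identification Attribute), and the email domain deciding customer versus administrator. The following added example (not from this article or from Fortinet) models that matching on an assertion as captured with a SAML tracer, so a mismatch can be located before reading FortiPortal logs. The SAML attribute names, the FortiPortal inventory, the assertion and the admin-versus-customer rule are all constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical FPC SSO settings: which SAML attribute name carries each FPC field.
ATTR_MAP = {"role": "group", "site": "site", "tenant": "lastname", "email": "email"}

# Constructed FortiPortal inventory: customer domains, site names and role groups.
FPC_DOMAINS = {"custserver.com"}
FPC_SITES = {"Site-HQ", "Site-Branch"}
FPC_ROLES = {"FPC_Customer_Admin", "FPC_Readonly"}

# Constructed, unsigned assertion of the kind SAML-tracer displays. Only the
# AttributeStatement is modelled; signature and audience checks belong to the SP.
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="email"><saml:AttributeValue>alice@custserver.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="group"><saml:AttributeValue>FPC_Customer_Admin</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="site"><saml:AttributeValue>Site-HQ</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="lastname"><saml:AttributeValue>custserver.com</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def extract_attributes(xml_text):
    """Return {SAML attribute name: first value} from the AttributeStatement."""
    out = {}
    for attr in ET.fromstring(xml_text).iterfind(".//saml:Attribute", NS):
        val = attr.find("saml:AttributeValue", NS)
        out[attr.get("Name")] = (val.text or "").strip() if val is not None else ""
    return out

def resolve_user(attrs):
    """Apply the article's matching rules in order; return the mapping or the first failure."""
    email = attrs.get(ATTR_MAP["email"], "")
    email_domain = email.rpartition("@")[2].lower()
    # Assumption: an email domain that is a configured customer domain means an
    # FPC customer user; any other domain is treated as an FPC administrator.
    if email_domain not in FPC_DOMAINS:
        return {"kind": "admin", "email": email}
    tenant = attrs.get(ATTR_MAP["tenant"], "").lower()  # Last name carries the domain
    if tenant not in FPC_DOMAINS:
        return {"error": f"tenant '{tenant}' matches no FortiPortal customer domain"}
    site = attrs.get(ATTR_MAP["site"], "")
    if site not in FPC_SITES:
        return {"error": f"site '{site}' matches no FortiPortal site name"}
    role = attrs.get(ATTR_MAP["role"], "")
    if role not in FPC_ROLES:
        return {"error": f"group '{role}' matches no FPC role"}
    return {"kind": "customer", "tenant": tenant, "site": site, "role": role}
```

Paste the AttributeStatement from a real capture in place of ASSERTION and adjust ATTR_MAP and the inventory sets to the values configured in steps (A) and (B); the first returned error names the attribute that does not match.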
1. Check the logs on FortiAuthenticator: Logging -> Log Access -> Logs.
2. Check the logs from the FortiPortal v6.0.x GUI: log in to the FortiPortal GUI (via the below URL) -> Admin -> System Log -> Start.
Then log in with the SSO user and capture the entries from the system log.
3. Check the logs from the FortiPortal v6.0.x CLI:
exec shell tail /var/tomcat/util/ftnt_fpc.log -f
4. For FortiPortal v7.x, it is possible to access the FortiPortal GUI via the below URL and verify the SAML settings: v7.x: https://<Portal>/fpc/app/admin.
5. Use a SAML-debugging Chrome extension to inspect the SAML messages, e.g. https://chrome.google.com/webstore/detail.saml-tracer/mpdajninpobndbfcldcmbpnnbhibjmch. Sample output:
Related documents: