Help
FortiSASE
FortiSASE delivers both a consistent security posture and an optimal user experience for users working from anywhere. Secure your hybrid workforce by closing security gaps, plus simplify operations.
ihaidar
Staff
Staff

Created on ‎01-14-2024 10:30 PM

Article Id 294049

Troubleshooting Tip: Troubleshooting SAML Issues in FortiSASE

Description This article explains the methodology for troubleshooting SAML issues while connecting to the SSL VPN in FortiSASE.
Scope FortiSASE, SSL VPN.
Solution

When a SAML issue occurs, it is important to understand the methodology and how to start with troubleshooting:

 

  1. Go To VPN User SSO start the SAML Test as shown below and check what errors are and what is successful or not:

 

SAML Test.png

 

  1. Go to FortiSASE -> Configuration -> VPN user SSO TAB, copy the Portal Sign ON URL, and paste it to the browser to do SSL Web authentication.

 

URL SIGN on.png

 

  1. If the Landing page of SSL VPN did not open, that means it might be a problem with FortiSASE. Open a ticket with the Fortinet support team.
    If the landing page opens as shown in the below screenshot, Press on SSO.


SSO Login - WEB SSL VPN.png 

  1. The IDP login page will open as shown below (based on which IDP is configured). Install the SAML tracer, and go through the process of authentication and then, it is possible to see what kind of attributes are sent back to FortiSASE.

           SAML TRACER run.png

 

Below is the example output of the SAML Tracer after authenticating the user.


SAML Tracer example output.png

 

 

213
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.