CLI Configuration:

config system admin

    edit rasanchez

        set authentication-type radius

        set password ENC

        set trusted-hosts 172.23.0.78/32 ::/0

        set radius-profile FAC

        set access-profile super_admin_prof

        set theme Light-Blue

        set language english

        set email rasanchez@fortilab.com.do

    next

    edit stejada

        set authentication-type radius

        set trusted-hosts 172.23.2.84/32 ::/0

        set radius-profile FAC

        set access-profile Stejeda

        set theme Light-Blue

        set language english

        set email stejada@fortilab.com.do

    next

end

config profile authentication radius

    edit FAC

        set server forti-auth.fortilab.local

        set secret ENC

        set send-domain disable

        set port 1812

        set auth-prot pap

        set nas-ip 0.0.0.0

        set access-override disable

        set access-override-vendor 12356

        set access-override-attribute 6

        set domain-override disable

        set domain-override-vendor 12356

        set domain-override-attribute 3

    next

end

The number of sessions keeps increasing (System Information -> Current Administrator).

• Since the login was successful when the token was entered manually, there is a valid session going on. In order to trigger a token pop-up on the mobile app, a request was sent to FortiAuthenticator.
•  When this pop-up does not respond within the allowed timeout. It will return a 'timeout error'. This will return as a failed login with its own session cookie.
• The GUI will update the cookie and will use it in further requests. It does not correspond to what we had previously; there will be a magic number mismatch. This will trigger a logout as expected.

Solution:

Upgrade with v7.0.8 build266 firmware version or beyond.