7.0.17 - breaking SAML
Hi,
Anyone else noticing issues with login to SSLVPN using SAML with Entra after upgrade to 7.0.17 for users with FortiClient 7.4.X?
Did an upgrade on FOS to a client and it broke the connection for newer versions, but with FortiClient 7.2.X it appears to work just fine, and it used to work also with this version up until the upgrade.
A similar issue was also brought up here
Labels: FortiClient, FortiGate, SAML, SSL-VPN, SSO
Same experience. Users required to offload SAML to external browser.
Pushed to 7.2.10 as EoES was mentioned in my support ticket.
A simple piece of advice would be to bump yourself up to FortiOS 7.0 and start using external browser for SAML logins. Then you can offload all the cookie shenanigans and username/pwd saving to your default browser, and stop caring what FortiClient makes or breaks next.
I guess they broke something when they fixed the below in 7.0.17.
1101837 | Insufficient Session Expiration in SSLVPN using SAML authentication. |
The issue now is that they "may" not fix it in 7.0.x anymore since it is EoES.
Thanks for your input, guys.
Have a nice day!
We are working on this issue and created an engineering ticket #1117475 for tracking. Can you help share the config file, FCT and FGT debug logs, and TAC case number, if any, with sferoz@fortinet.com for more investigation?
