Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
heyyo
Contributor

Configuring SSL VPN, with SAML Authentication and Certificate

Hi,

 

I am currently working on a new deployment and needs to configure SSL VPN, with SAML Authentication and Certificate. However, I am getting this issue: "Credential or SSLVPN configuration is wrong. (-7200)", and bumped into this link: Failure to connect via SSL VPN with '... - Fortinet Community

 

It mentions that I need to disable Require Client Certificate. Does this mean that SSL VPN, with SAML Authentication will not work if with Certificate?

 

Thank you

 

 

3 REPLIES 3
rbraha
Staff
Staff

Hi @heyyo 
You will need to disable that Require Client Certificate , IdP certificate (Azur,Okta,..) that you are importing to FGT will be set under config users saml, this certificate will validate connections between client and IDP. Take a look of this doc.guide.

https://docs.fortinet.com/document/fortigate-public-cloud/7.6.0/azure-administration-guide/584456/co...

JohnMansoryyy
New Contributor

To fix the "Credential or SSLVPN configuration is wrong. (-7200)" error, disable the "Require Client Certificate" option. This is necessary when using SAML authentication, as SAML relies on tokens rather than certificates. Ensure your SAML settings are correctly configured and match the Identity Provider settings. After doing adjustments test connection again and review logs for further troubleshooting if needed.
Some documentation related to: https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/371626/ssl-vpn
SAML SSO documentation: https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/254248/configuring-saml-sso
I hope this helps.

sahmed_FTNT
Staff
Staff
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors