When configuring a FortiClient EMS server (v.7.4.1b1872) on Linux for Administrator SAML SSO with Entra/Azure it works if I use the default SP Address (<FQDN>), but we'll be locking down port 443 from external access and I would like to use 10443 for the SAML SSO. When configured the same way adding 10443 per the small blurb of instructions (<FQDN>:10443) it returns an EMS 404 error stating "The requested URL was not found on this server."

If I reconfigure that same SAML entry to just the <FQDN>, updating the appropriate fields and certificate, it works.

I have confirmed that port 10443 is open. The URL in the browser looks correct for the ACS link (https://<FQDN>:10443/saml/default/<UniqueKey>/acs). I don't see any issues off hand, and MS does report a successful log in. Attempting to log in as a unapproved user does result in the expected O365 "you do not have permission to log in" page. The server has been rebooted with the desired settings in place with no change.

Because of the anecdotal evidence, the issue appears to be that despite the EMS stating to use the specific ACS link with the included 10443 port, it isn't actually registering that link within itself to accept the credentials- thus a 404 error. Since it works without using the specific port, my guess would be that it does not recognize the port or potentially updating the config to include the port is breaking the config. Is there a way to view this configuration from a config file instead of through the UI?

Any insight would be appreciated.