Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
aguerriero
Contributor II

Created on ‎07-31-2023 06:22 PM Edited on ‎07-31-2023 06:23 PM

EMS with Azure and auto SSL VPN on user login, failing at graph API connection.

I setup EMS and fortigate both with SAML configurations and both systems work. A user can be SAML SSO verified through EMS and a user can access SSL VPN with SAML SSO as well.

I tried to enable azure AD auto ssl vpn login and I get an error when the fortigate attempts to connect to the microsoft graph API to verify the users session token. I believe these are the steps that need to happen for a successful auto login. Step number 5 fails with the below debug errors. I verified the CLI can resolve DNS and ping the microsoft graph API.

CapturedsaDSA.PNG

1. user attempts saml

2. ems/forticlient talks to azure

3. azure provides a token to the forticlient

4. forticlient gives token to fortigate

5. fortigate uses graph api to validate token

6. fortigate authorizes forticlient

3483
0 Kudos
12 REPLIES 12
UQTR_Beaudet
New Contributor II
In response to aguerriero

Created on ‎02-16-2024 08:33 AM

Hi little update on my end! 

Went from 7.2.5 (graph connection issue) to 7.2.7 because of the recent intense CVE....

it works! 

 

Graph connection is fine, the groupes are returned and if matched in the user group the connection is established. This is on laptops joined to our local Active Directory and hybrid-joined to Entra ID. 

Jean-Alexandre Beaudet
Jean-Alexandre Beaudet
509
aguerriero
Contributor II
In response to UQTR_Beaudet

Created on ‎02-16-2024 08:44 AM

 

Good to know that it is fixed in 7.2.7 but have you seen this for 7.2.7.

7.2.7 ipsec.PNG

504
0 Kudos
UQTR_Beaudet
New Contributor II
In response to aguerriero

Created on ‎02-16-2024 08:55 AM

We only use SSL-VPN so it didn't affect us going to 7.2.7 

Jean-Alexandre Beaudet
Jean-Alexandre Beaudet
502
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.