Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Pedroso
New Contributor II

Created on ‎10-14-2023 06:34 AM

Error SAML Auth FortiOS 7.4.1

Hi Guys, I have a problem after update my FGT 200E to 7.4.1, my SAML auth was operating normally, now I can't loggin to administrate firewall, I already did a new configuration on FGT and Azure but I receive the same error.

 

"AADSTS7500525: There was an XML error in the SAML message at line 1, position 503. Verify that the XML content of the SAML messages conforms to the SAML protocol specifications."

 

Someone also had this error and know how to fix it ?

 

Tks

Anderson Almeida Pedroso
Anderson Almeida Pedroso
Labels:
977
0 Kudos
1 Solution
Pedroso
New Contributor II

Created on ‎10-14-2023 01:55 PM Edited on ‎10-14-2023 01:57 PM

I found the solution, @dbu your tip was helpful, but I show the path that I can resolve the problem:

Go to Settings, Fabric SSO

 

Screenshot 2023-10-14 174551.png

 

Click on "Security Fabric settings" and next "Advance Options"

Screenshot 2023-10-14 174728.png

 

Expand SP Details, you will notice that "SP entity ID" is blank

Screenshot 2023-10-14 175006.png

Insert your http ID, for example: http://fwtest.com:1111/metadata/

Now your SAML auth is working again.

 

 

Anderson Almeida Pedroso

View solution in original post

Anderson Almeida Pedroso
932
0 Kudos
3 REPLIES 3
dbu
Staff
Staff

Created on ‎10-14-2023 07:18 AM Edited on ‎10-14-2023 07:37 AM

Hi @Pedroso ,
It looks like the entity id is set to empty for the SP in the Fortigate. 
Configure it manually from the CLI as it was before the upgrade. Check the backup file.


#config system saml
#set entity-id <SP entity ID>

#end

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
966
Pedroso
New Contributor II

Created on ‎10-14-2023 08:14 AM

I was comparing the actual config version (7.4.1) with the bkp version (7.2.5), I noticed that the version had a "set artifact-resolution-url "https://x.x.x.x:xx/saml/?artifact", and new version there isn't this.

I already tried every thing.

Sad :\ 

Anderson Almeida Pedroso
Anderson Almeida Pedroso
945
0 Kudos
Pedroso
New Contributor II

Created on ‎10-14-2023 01:55 PM Edited on ‎10-14-2023 01:57 PM

I found the solution, @dbu your tip was helpful, but I show the path that I can resolve the problem:

Go to Settings, Fabric SSO

 

Screenshot 2023-10-14 174551.png

 

Click on "Security Fabric settings" and next "Advance Options"

Screenshot 2023-10-14 174728.png

 

Expand SP Details, you will notice that "SP entity ID" is blank

Screenshot 2023-10-14 175006.png

Insert your http ID, for example: http://fwtest.com:1111/metadata/

Now your SAML auth is working again.

 

 

Anderson Almeida Pedroso
Anderson Almeida Pedroso
933
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.