I am kinda losing my mind here and really need some help. I have a ticket opened with support on this and it seems to be going no where. With support on the call I have re-configured the Firewall SSO setting to not require an ADFS claim. I have configured ADFS to allow any one who can auth to ADFS to login. On ADFS I have enabled tracing mode and have only INFO level messages when a user VPNs in via the FortiClient. Yet all through this I am still getting the message:
Hello systemgeek,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hi,
Do you see any specific error at the same time in the ADFS server side as well? Any error related to a mismatch of any parameters or signature algorithms etc?
Regards,
Shiva
Is that the ticket where you provided an evtx export from Windows Event log?
The last addressable information there is signature issues reported by the IdP side. Given that you've changed certificates since, what should follow next is a new attempt as usual with new debugs (sslvpn + samld) and the new config backup (just to make sure the current config is known exactly, without any need of guessing), and then have both reviewed by TAC.
Hello,
Please check the SAML configuration and check the digest method. If you are using the SHA1 then you can try to change to SHA256 and verify as well.
Regards,
Shiva
I ended up on a long call with support. The answer ended up being all of the above and more. When I have a second I will give a full answer.
Thank you for all your responses.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1738 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.