FortiAuthenticator - SAML Authentication - Can't get FIDO Auth to work
Hello,
I'm currently trying my hand at SAML authentication with FortiAuthenticator in conjunction with FIDO keys.
- I can successfully import a FIDO key for a local user
- FQDN of the authenticator is identical to the SAML FQDN
- Certificates are valid
- SAML login with username/password is working
- SAML Service Providers to FortiAnalyzer and FortiMail
But as soon as I say in the SAML SP settings that it should authenticate via FIDO, “Error occurred during Fido Authentication” is displayed after entering the user name.
No error in the FortiAuth event log - just "Local user authentication partially done, expecting fido token"
FortiAuth Version 6.6.2
The strange thing is that I had the SAML login with FIDO running until a few days ago, then I changed the FQDN name of FortiAuth again - since then it no longer works. However, I have adjusted and assigned all the certificates.
Hello,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello,
We are still looking for someone to help you.
We will come back to you ASAP.
Thanks,
Ensure “Enable FIDO2 authentication” is ON
Authentication > SAML IdP > Service Providers
Jivesh Sharma
Thanks all - a simple reboot of the FortiAuthenticator solved my problem. Seems like some service got confused with the certificate change.
