Hi all,
We have a deployment of FortiAuthenticator where we use it as our SAML IdP for all services and platforms, including the portal and various Fortinet products.
We are using the self-registration portal of FortiAuthenticator for user self-registration, and at the same time the SAML portals are enabled to allow users to navigate to various services. The issue we are facing is on the self-registration portal: if a user tries to reset their password, at the end they get redirected to the SAML login page. Instead of the page loading, they are presented with a 403 Forbidden message.
It looks like the issue is related to the sessionid and cookiesession1 cookies set by FortiAuthenticator on the user browser.
Has anyone come across this issue before? Is there any known workaround for this?
Thanks,
Sotiris
Created on 04-10-2022 02:06 AM
Hello sioannou,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Fortinet Community Team
Hello Sotiris,
What is the version of FAC that you are using?
Best regards,
Lazar
Hi Lazar,
We have tested 6.4.2 and 6.4.3 both GA.
Regards,
Sotiris
Hi sioannou,
Not sure I completely understand it, but ...
I guess you have Authentication/Portals/Portals and there is some Portal defined for self-service. Not quite sure if you have Pre-Login / Password Reset, or Post-Login / Password Change actually enabled and used. It depends on what you want to allow your users to do, and whether they'd be allowed to reset their password even without any previous authentication.
Then I guess you have that Portal used in Authentication/Portals/Policies .. and the policy type in the top-right corner is set to Self-Service Portal. So you have a URL like https://<FQDN-of-your-FAC>/portal/selfservice/<policy-name>/ and there your users can do the changes.
Then what is the Identity Source of that policy?
Is it pointing to a realm which is SAML based or to local users?
My guess from what you wrote is that you allow your users to self-register as local users. And then those are served to SAML SPs set/allowed via Authentication / SAML IdP. However, the Identity Source realm in SAML IdP / General as well as in Portals / Policy is a realm pointing to local users, right?
Maybe that is a bit on the edge of the forum, and you might consider opening a technical ticket with Fortinet to provide your configuration privately and maybe demonstrate the issue in a remote session to some of my fellow engineers.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
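A quick way to test the cookie hypothesis raised earlier in the thread, before opening a ticket, is to request the SAML login page twice: once carrying the sessionid / cookiesession1 cookies that the self-service portal set, and once from a fresh cookie jar. If only the first request gets a 403, the cookies are the trigger; if both do, look at the policy and its identity source instead. The script below is an added example, not part of the thread and not Fortinet code. The hostname, policy name and SAML login path are assumptions to be replaced with your own values, and it only exercises the GET of both pages, not the full password-reset form flow, so a clean result here does not rule out the problem in the real flow.

```python
import http.cookiejar
import urllib.error
import urllib.request

FAC_FQDN = "fac.example.com"              # assumption: your FortiAuthenticator FQDN
SELF_SERVICE_POLICY = "selfreg"           # assumption: name of your Self-Service Portal policy
SAML_LOGIN_PATH = "/saml-idp/login/"      # assumption: page users land on after the reset
TRACKED_COOKIES = ("sessionid", "cookiesession1")

SELF_SERVICE_URL = f"https://{FAC_FQDN}/portal/selfservice/{SELF_SERVICE_POLICY}/"
SAML_LOGIN_URL = f"https://{FAC_FQDN}{SAML_LOGIN_PATH}"


def fetch_status(url, jar):
    """GET url using the given cookie jar; return the HTTP status (4xx/5xx included)."""
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def cookies_of_interest(jar):
    """Return name -> value for the cookies named in the original question."""
    return {c.name: c.value for c in jar if c.name in TRACKED_COOKIES}


def diagnose(status_with_cookies, status_without_cookies):
    """Classify the two probes of the SAML login page.

    A 403 only when the self-service cookies are sent points at the cookies;
    a 403 either way points at the policy or identity source rather than the session.
    """
    if status_with_cookies != 403:
        return "ok"                    # login page loads with the cookies present
    if status_without_cookies != 403:
        return "cookie-bound"          # 403 disappears once the cookies are dropped
    return "unrelated-to-cookies"      # 403 regardless of session state


def run_probe():
    """Live check against FAC_FQDN; returns the diagnosis string."""
    portal_jar = http.cookiejar.CookieJar()
    fetch_status(SELF_SERVICE_URL, portal_jar)          # collects the portal's cookies
    print("cookies set by self-service portal:", cookies_of_interest(portal_jar))

    with_cookies = fetch_status(SAML_LOGIN_URL, portal_jar)
    without_cookies = fetch_status(SAML_LOGIN_URL, http.cookiejar.CookieJar())
    print(f"SAML login with portal cookies: {with_cookies}, fresh session: {without_cookies}")
    return diagnose(with_cookies, without_cookies)


if __name__ == "__main__":
    print("diagnosis:", run_probe())
```

Run it from a host that can reach the FortiAuthenticator web interface. If the result is "cookie-bound", clearing those two cookies in the browser (or checking whether the portal and IdP policies share the same session handling) is the next thing to try; if both probes return 403, the self-service cookies are not what is blocking the page.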
Hi Tom,
I will take it up with support.
Thanks,
Sotiris
Copyright 2024 Fortinet, Inc. All Rights Reserved.