FortiClient Error 7200 for SAML while WebVPN works fine
I had SAML to Microsoft Entra ID working fine for a little bit here, but then FortiClient started showing "Credential or SSLVPN configuration is wrong. (-7200)" on every connection attempt.
SAML works just fine when connecting to the same system over WebVPN, so this does not appear to be an issue with the SAML config.
Any suggestions for getting FortiClient to work again?
I'm using FortiClient 7.2.2.0864 at the moment.
I haven't tried with multiple computers, but again, SAML works fine on this same computer for Web VPN; it is only FortiClient that is not cooperating.
I rebooted and FortiClient worked for a couple of connections again before it stopped working again. It seems that if I connect to a couple of FortiGates using the same SAML account, FortiClient caches something incorrectly.
For Windows 11, using 7.2.8 resolved the issue for an end customer.
7.4.x resulted in the same error as you described.
I can’t remember the error message I got when testing, but I know that I saw a similar issue when DTLS was enabled in the client - turning that off and they could connect fine. Also, macOS and realms seemed to be broken with SAML, if that would be relevant to your case. Not retested on latest FortiOS 7.0.1 yet, only 7.0.0.
We are experiencing the same issue on version 7.4.2.1737.
To get it working, we now switched on the setting "Use external browser as user-agent for saml user authentication".
Will test further.
