Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Stephen3
New Contributor

FortiClient Error 7200 for SAML while WebVPN works fine

I had SAML to Microsoft Entra ID working fine for a little bit here, but then FortiClient started showing "Credential or SSLVPN configuration is wrong. (-7200)" on every connection attempt.

 

SAML works just fine when connecting to the same system over WebVPN, so this does not appear to be an issue with the SAML config.

 

Any suggestions for getting FortiClient to work again?

5 REPLIES 5
hbac
Staff
Staff

Hi @Stephen3,

 

What is the FortiClient version? Have you tested with different computers? 

 

Regards, 

Stephen3
New Contributor

I'm using FortiClient 7.2.2.0864 at the moment.

I haven't tried with multiple computers, but again, SAML works fine on this same computer for Web VPN, it is only FortiClient that is not cooperating.

I rebooted and FortiClient worked for a couple of connections again before it stopped working again.  It seems that if I connect to a couple of FortiGates using the same SAML account that FortiClient caches something incorrectly.

Sohonet
New Contributor

For Windows 11 using 7.2.8 resolved the issue for a end customer
7.4.x Resulted in the same error as you described  

jaunas1
New Contributor

I can’t remember the error message I got when testing but know that I saw a similar issue when DTLS was enabled in the client - turning that off and they could connect fine. Also macOS and realms seemed to be broken with SAML if that would be relevant to your case. not retested on latest FortiOS 7.0.1 yet, only 7.0.0

mhberglund
New Contributor III

We are experiencing the same issue on version 7.4.2.1737

To get it working we now switched on the setting "Use external browser as user-agent for saml user authentication".

Will test further.

Mikael Berglund, 76BITS
Mikael Berglund, 76BITS
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors