Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
techdsmart
New Contributor

Created on ‎07-29-2021 06:42 AM

FortiClient VPN 7.0.0.0029 not working with SAML SSO in Linux

Hello,

I am deploying SAML SSO with Azure to our VPN. I having a challenge in Linux machines with FortiClient VPN 7.0.0.0029. When i enable SSO, i get a blank window/pop where i expect to authenticate with SSO (As attached).

The windows client is working well. Question: Does Linux version of FortiClient VPN 7.0.0.0029 support SAML SSO? Are there any extra packages required to be installed in the Linux machines? FYI, I am running this on Ubuntu 20.04.2 LTS

 

Preview file
41 KB
11985
0 Kudos
10 REPLIES 10
tauntingzombies
New Contributor

Created on ‎09-19-2021 05:26 AM

Same thing here. I'm using 7.0.0.0018 on Linux Mint 20.2 Cinnamon. We formerly used Duo, but just switched to Azure AD. My iOS and Windows devices connect, but my Linux machine hangs similar to yours, though it mentions Duo in the header text.

 

[image][/image]

9391
0 Kudos
glzamp_lm
New Contributor
In response to tauntingzombies

Created on ‎10-12-2021 01:30 AM

Hello, i'm facing the same problem both with Forticlient 7.0.1 and 6.4.4.

Someone manage to solve that somehow?

9391
0 Kudos
M_T
New Contributor

Created on ‎02-24-2022 02:52 PM

9 months later, Forticlient 7.0.0.0018 still seems to be the same software with the same problem, still offered for Ubuntu 20.04 at https://www.fortinet.com/support/product-downloads#vpn

 

I tried 6.4.4 and had the same problem.

 

Maybe this is the same problem that was reported on this board for 6.0 to 6.4 on Windows and Linux.

 

Have sites just moved away from Fortinet because of this, or is there some hidden solution?

 

(In my  case, I'm running Ubuntu 20.04 as a VM under VirtualBox 6.1 under OSX 10.15.7, if any of that matters.  I'm a subcontractor to a company that requires the forticlient vpn.)

8645
0 Kudos
fonderco
New Contributor
In response to M_T

Created on ‎05-05-2022 02:41 PM

Were you ever able to get it to work. I'm in the same boat and need a solution to Forticlient VPN on Linux with SAML.

7814
0 Kudos
M_T
New Contributor
In response to fonderco

Created on ‎05-06-2022 12:48 AM

I didn't resolve this to my satisfaction.  As I said, I was running an Ubuntu 20.04 VM and consistently got the blank window.  I found that when I created a new Ubuntu 20.04 VM with no additional software loaded, I did get the expected prompt for credentials.  So, the Forticlient software is incompatible with one of many packages I had loaded in my  VM, or with something in the state of the VM. 

 

I didn't have the time to narrow it down.  I instead ran the VPN at the host computer level instead of the VPN.  That work is now over, so I am no longer using the Forticlient VPN.

 

One other thing I'll add in parting:  Running the VPN in the host computer, would sometimes cause what seemed to be a DNS failure in the VM. That is, in the VM, when I tried to resolve some domain such as sample.com, it would fail.  When I dug into it, I  found the "resolvectl status" command (in the Linux VM) showed (in part)

Link 2 (enp0s3)
      Current Scopes: DNS
DefaultRoute setting: yes
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
  Current DNS Server: 192.168.1.1
         DNS Servers: <Intended VPN DNS Server>
                      192.168.1.1
          DNS Domain: ~.
                      sample.com

192.168.1.1 is  the DNS server for my computer when not on the VPN.

With the Forticlient VPN running on the host computer, I no longer could get packets to 192.168.1.1, so DNS failed.

 

To clear it out of this state, I used the command

sudo resolvectl dns 2 <intended VPN DNS server>

(where "2" is from "Link 2" above).

 

7806
0 Kudos
fonderco
New Contributor

Created on ‎05-06-2022 01:29 PM

Did you ever get it to work?

7800
0 Kudos
tojur
New Contributor

Created on ‎08-28-2022 11:10 PM

On Fedora 35 with the latest client 7.0.0.0018 I get just this message: 

tojur_0-1661752774973.png

 

One more strange thing not related to SAML: if my laptop is connected to ethernet, when I click on "SAML Login" or Connect for any VPN site/configuration, the ethernet link disconnects and Forticlient reports being unable to get a response and gives up. The link then immediately returns back. So all my attempts are on Wi-Fi. From Windows everything works (version 7.0.2.0090).

6965
0 Kudos
tthrilok
Staff
Staff

Created on ‎08-29-2022 12:22 AM

Hi Techdsmart,

 

Thank you for the query!

 

I understand your SAML SSO is not working in Linux, may we request the below debugs:

 

di de reset

di de app samld -1

di de en

 

Please share the above debugs for both working and non working scenario.

 

Thank you!

 

6961
0 Kudos
tthrilok
Staff
Staff
In response to tthrilok

Created on ‎08-29-2022 12:23 AM

Please stop the debug using:

di de di
di de reset

 

Once you see the error.

6961
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.