- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiEMS / FortiClient / Azure
Hello Fortinet people,
I'm currently researching a way of clearing the cache after user login/logoff from FortiClient over SAML login.
Solutions I already tied:
Tried with on disconnect script over FortIEMS but no results, I'm not asked for Microsoft login.
Tried manually deleting cache from User's AppData, no results.
Shutting down the FortiClient, still no results.
We don't have Premium licenses on Azure so I can't use Conditional Access to configure it there.
Does anybody have some solutions?
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi axool,
in such cases the validity of the Cookie is configured in the SAML IDP.
The cookie is saved by FortiClient in C:\Users\fortinet\AppData\Local\FortiClient and the user will not be prompted to login again as long as the cookie is there.
You could maybe try with a script that removes the cookie however i would not recommend that from a security perspective.
Try to apply the change from SAML IDP so the desired validity period is properly returned from the SAML response in the Authentication information.
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @axool,
Please refer to this article and make sure your on disconnect script is correct: https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiClient-Caching-SSL-VPN-SAML-Authentic...
Also make sure that the following values are disabled:
<save_username>0</save_username>
<show_remember_password>0</show_remember_password>
<dont_modify_cookies>0</dont_modify_cookies>
Regards,