Hello Fortinet people,
I'm currently researching a way of clearing the cache after user login/logoff from FortiClient over SAML login.
Solutions I already tried:
Tried with an on-disconnect script over FortiEMS but no results, I'm not asked for Microsoft login.
Tried manually deleting cache from User's AppData, no results.
Shutting down the FortiClient, still no results.
We don't have Premium licenses on Azure so I can't use Conditional Access to configure it there.
Does anybody have some solutions?
Hi axool,
In such cases the validity of the cookie is configured in the SAML IDP.
The cookie is saved by FortiClient in C:\Users\fortinet\AppData\Local\FortiClient and the user will not be prompted to login again as long as the cookie is there.
You could maybe try with a script that removes the cookie; however, I would not recommend that from a security perspective.
Try to apply the change from SAML IDP so the desired validity period is properly returned from the SAML response in the Authentication information.
Regards
Hi @axool,
Please refer to this article and make sure your on disconnect script is correct: https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiClient-Caching-SSL-VPN-SAML-Authentic...
Also make sure that the following values are disabled:
<save_username>0</save_username>
<show_remember_password>0</show_remember_password>
<dont_modify_cookies>0</dont_modify_cookies>
Regards,
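
A way to check a FortiClient configuration for the three values listed in the reply above, as an added example that is not part of the thread or Fortinet's own tooling. It assumes the configuration is available as XML text and matches the three element names anywhere in the tree; the wrapper elements in the sample are constructed placeholders, not the real FortiClient schema.

```python
import xml.etree.ElementTree as ET

# Settings the reply says must be disabled (value 0).
REQUIRED_ZERO = ("save_username", "show_remember_password", "dont_modify_cookies")

# Constructed sample input. Only the three setting names come from the thread;
# <config> and <connection> are placeholder wrappers.
SAMPLE_CONFIG = """
<config>
  <connection>
    <save_username> 0 </save_username>
    <show_remember_password>1</show_remember_password>
  </connection>
</config>
"""


def audit_config(xml_text):
    """Return (setting, problem) findings; an empty list means all three are 0."""
    root = ET.fromstring(xml_text)
    findings = []
    for name in REQUIRED_ZERO:
        nodes = list(root.iter(name))
        if not nodes:
            # Absent element: the effective value cannot be confirmed from
            # this file, so report it instead of assuming it is disabled.
            findings.append((name, "missing"))
            continue
        for node in nodes:
            value = (node.text or "").strip()
            if value != "0":
                findings.append((name, f"set to {value!r}"))
    return findings


if __name__ == "__main__":
    for setting, problem in audit_config(SAMPLE_CONFIG):
        print(f"{setting}: {problem}")
```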
Copyright 2024 Fortinet, Inc. All Rights Reserved.