Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Infotech22
Contributor

Created on ‎04-22-2024 10:54 PM

FortiGate SSL / Integration with Azure for MFA

Hello Fortinet people,
I'm currently researching a way of clearing the cache after user login/logoff from FortiClient over SAML login.

 

 

 

Solutions I already tied:

  1. Tried with on disconnect script over FortIEMS but no results, I'm not asked for Microsoft login.
  2. Tried manually deleting cookies from User's AppData, no results.
  3. Shuting down the FortiClient, still no results.

 

We don't have Premium licenses on Azure so I can't use Conditional Access to configure it there.

 

Does anybody have some solutions?

 

Labels:
1495
0 Kudos
7 REPLIES 7
hbac
Staff
Staff

Created on ‎04-23-2024 08:01 AM

Hi @Infotech22,

 

Please refer to this article and make sure your on disconnect script is correct: https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiClient-Caching-SSL-VPN-SAML-Authentic...

 

Also make sure that the following values are disabled:

 

<save_username>0</save_username> 
<show_remember_password>0</show_remember_password> 

<dont_modify_cookies>0</dont_modify_cookies>

 

Regards, 

1453
Infotech22
Contributor
In response to hbac

Created on ‎04-24-2024 12:25 AM

Hi @hbac,

I already tried all the steps they suggested on that link.
And still have the same problem.

1434
0 Kudos
hbac
Staff
Staff
In response to Infotech22

Created on ‎04-24-2024 05:42 AM

@Infotech22,

 

Are you using "Use external browser as user-agent for saml user authentication" option? 

 

Regards, 

1422
0 Kudos
Infotech22
Contributor
In response to hbac

Created on ‎04-24-2024 11:18 PM

@hbac

When I try to add that to the XML file on EMS i get the following error:


 The following errors were found: Remote Access > sslvpn > connections > BIMEXPERTS > use_external_browser: invalid value ['1', '0'], must be boolean

1391
0 Kudos
funkylicious
SuperUser
SuperUser
In response to Infotech22

Created on ‎04-24-2024 11:38 PM Edited on ‎04-24-2024 11:41 PM

Assuming you are trying to set, <use_external_browser>1</use_external_browser> , as per link below ?


L.E. https://docs.fortinet.com/document/forticlient/7.2.4/ems-administration-guide/748803/using-a-browser... , in To configure external browser for authentication in EMS, step 3 

"jack of all trades, master of none"
"jack of all trades, master of none"
1388
0 Kudos
Infotech22
Contributor
In response to funkylicious

Created on ‎04-24-2024 11:42 PM

@funkylicious,
That was the first thing that I tried when I got that error message.

Yes, that documentation I used. 

1383
0 Kudos
smaruvala
Staff
Staff
In response to funkylicious

Created on ‎04-24-2024 11:50 PM

Hi,

 

The value should be either 1 or zero as per the XML configuration file. Have you tried to select the option from GUI instead of configuring using the XML format. You can go to EMS-> endpoint profile-> remote access profile-> edit added VPN tunnel->advanced settings and change the settings.

 

If you are using external browser then you can try to clear the cookie of the default browser using the windows command. For chrome browser you can use the command del C:\users\%username%\AppData\Local\Google\Chrome\"User Data"\Default\Network\Cookies

 

Regards,

Shiva

1380
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.