Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ESD_PacketPusher
New Contributor

Fortigate SSL VPN with Azure AD DNS Issues

I am having a strange issue with configuring FortiGate SSL VPN with Azure AD. I have configured SAML authentication successfully in the past using Google Workspace, but now I need to set up SAML in Azure AD. I am using this guide for reference: https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/fortigate-ssl-vpn-tutorial

 

My current configuration will only work while using the IP address of the VPN in my entity-id and single-sign-on-url values. If I use the DNS hostname, I will get an HTTP invalid error when trying to connect to https://domain.com/remote/saml/login. The web login will also not redirect me to the Microsoft sign-in page. Changing the DNS name to the IP address resolved the problem. Please help.

 

 

 

I am running version 7.0.8. I downgraded from 7.2.2 for testing but that did not make a difference

 

               

2 REPLIES 2
ESD_PacketPusher
New Contributor

FortiGate configuration: 

 

config user saml
edit azure
set cert ssl-vpn
set entity-id https://domain.com/remote/saml/metadata
set single-sign-on-url https://domain.com/remote/saml/login
set single-logout-url https://domain.com/remote/saml/logout
set idp-entity-id https://sts.windows.net/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
set idp-single-sign-on-url https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxx/saml2
set idp-single-logout-url https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxx/saml2
set idp-cert REMOTE_Cert_1
set user-name username
set group-name group
next
end

ESD_PacketPusher
New Contributor

Update:

My configuration is working, but still unexpectedly. I found that by connecting to https://vpn.domain.com, I am presented with the portal web mode login. If I got directly to https://ip-address,  I am redirected to the Azure login portal

Top Kudoed Authors