Borut2019
New Contributor

FortiADC D300 SSO IE/Firefox Refresh login

Hi, I have a FortiADC.

I have set up NLB L7 for Exchange 2016. Exchange is set for basic authentication. I have hopefully set up SSO.

What I’m observing:

When I log in to https://FQDN/owa I usually get “403 Forbidden Request forbidden by administrative rules”, and if I click refresh the normal OWA site is opened. I have this issue with IE and Firefox. In IE I always get this error if I use private browsing. But it is normally sporadic.

On the LDAP server (“Windows 2012 R2”) I can see Event ID 4776 followed by 4672 for FortiADC, then Event ID 4776 for the test user. No failed audit events.

 

 

Under User Authentication\Authentication Relay I set  :

Name : Basic_Http

Delegation Type : HTTP Basic

Authorization : HTTP Error 401

Domain Prefix Support : Enabled

Domain prefix : *NetbiosDomainName*

 

Under User Authentication\Authentication Policy I set  :

Name: Exchange_Auth_Policy

Type : Standard

User Realm : domain.com

Path : /

User Group : Test_Group

 

Under User Authentication\User Group I set  :

User Cache : not selected

Authentication Log : All

Client authentication Method : HTML Form

Group Type : SSO

Authentication Relay : Basic_Http

Authentication Session timeout : 3

SSO Support : Not selected

Member :  LDAP -> “LDAP Server”

 

 

Server Load Balance\Virtual server :

Section Resources :

Profile : Exchange2016App_Prof

Client SSL Profile : DomainWildcard_Cert

Auth Policy: Exchange_Auth_Policy

 

 

Thank you for the reply.

Br,

Borut
