dclabs

Outbound firewall authentication with Azure AD as a SAML IdP not working

Hi,

I'm testing this configuration before deploying it for a company that needs its users to authenticate against Azure AD for accessing the internet.

https://docs.fortinet.com/document/fortigate/7.0.11/administration-guide/33053

However, it doesn't seem to work; in fact, after authenticating on the Microsoft login page I get redirected to the FortiGate administration GUI webpage.

I must say that at step 3 of the "To configure the SAML SSO settings on the application and FortiGate" part, the firewall proposes the administration GUI port to me instead of the default captive portal port (1003).

Also, it does not respond at all on port 1003.

What am I doing wrong here?

Help appreciated.

Thanks in advance.

gfleming
Staff

Can you clarify what you mean about the docs proposing to use the admin GUI port? I see port 1003 in the docs as you referenced:

[screenshot attached]

Cheers,
Graham
dclabs

What I mean is that the guide shows the links pointing at the firewall IP address and the default captive portal port (1003); when I do that step on my firewall I'm shown the IP address and the administration GUI port.

gfleming

OK yes that's weird. Try changing it to 1003? It should be 1003 by default...

Cheers,
Graham
dclabs

I did, but I get no response on port 1003, as if no service is listening on that port.

Julien87
Contributor II

Hi,

I had not seen this feature. I will test it next week.

Best regards

Julien
Julien87

Hi,

You can check whether you have port 1003 in these parameters.

In my lab, I have the portal that opens and authenticates my user.

I just have an authentication problem on the Fortinet side. I did not have time to diagnose this point.

config system global
    set auth-https-port 1003
end

config user saml
    edit "NAME_SAML"
        set entity-id "https://172.16.3.15:1003/saml/metadata"
        set single-sign-on-url "https://172.16.3.15:1003/saml/login"
        set single-logout-url "https://172.16.3.15:1003/saml/logout"
    next
end

Julien
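As an added example (not from the thread, Fortinet or Microsoft), a small Python check that parses a FortiOS CLI dump like the one above and flags any SAML SP URL whose port differs from auth-https-port, which is the mismatch the original poster describes (redirects landing on the admin GUI port instead of the captive portal). The sample config is constructed with a hypothetical IP and object name, and its logout URL deliberately uses port 8443 so the check has something to report.

```python
import re
from urllib.parse import urlparse

# Constructed FortiOS CLI dump modelled on the snippet in the thread (IP and
# object name are hypothetical). The logout URL deliberately points at a
# different port so the check below reports it.
SAMPLE_CONFIG = """
config system global
    set auth-https-port 1003
end
config user saml
    edit "NAME_SAML"
        set entity-id "https://172.16.3.15:1003/saml/metadata"
        set single-sign-on-url "https://172.16.3.15:1003/saml/login"
        set single-logout-url "https://172.16.3.15:8443/saml/logout"
    next
end
"""

# SP-side URLs that the IdP (Azure AD) sends the browser back to.
URL_KEYS = ("entity-id", "single-sign-on-url", "single-logout-url")


def get_setting(config, key, default=None):
    """Return the value of the first 'set <key> <value>' line, or default."""
    pattern = rf'^\s*set {re.escape(key)}\s+"?([^"\s]+)"?\s*$'
    match = re.search(pattern, config, re.MULTILINE)
    return match.group(1) if match else default


def check_saml_ports(config):
    """Return (expected_port, problems); problems lists (key, url, port_found)
    for every SP URL not on the captive-portal port, or with a missing URL."""
    # 1003 is the default named in the thread when auth-https-port is unset.
    expected = int(get_setting(config, "auth-https-port", "1003"))
    problems = []
    for key in URL_KEYS:
        url = get_setting(config, key)
        if url is None:
            problems.append((key, None, None))  # unset URL breaks the flow too
            continue
        port = urlparse(url).port or 443  # https URL with no explicit port
        if port != expected:
            problems.append((key, url, port))
    return expected, problems


if __name__ == "__main__":
    expected, problems = check_saml_ports(SAMPLE_CONFIG)
    for key, url, port in problems:
        print(f"{key}: {url} uses port {port}, auth-https-port is {expected}")
```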