Problem SSO login in PAM using FAC as IDP
Hello community,
I have installed FortiPAM 1.4.0, and I also have FAC 6.5.1. I configured the FAC as the SAML IDP (proxy to an LDAP server), and the PAM as the SP. So, when I log in to PAM I will use the credentials of the LDAP server with MFA configured in NAC.
But, after the correct login flow, I get the following in FortiPAM:
"authentication failed.
SAML authentication failed.
If you wish to use a different SAML account to login, please use incognito mode with your browser or manually clear your browser cookie of SAML IDP site."
But in FortiPAM's logs I see:
Action | authentication |
Status | success |
Reason | Authentication succeeded |
Authentication Protocol | HTTP(10.50.200.176) |
Authentication ID | fortipam_saml_auth_rule |
Is anyone in the same situation?
Thanks in advance!
Labels: FortiAuthenticator, FortiPAM, SAML, SSO
Hello Nicolas
And what happens when you log in from incognito mode?
On the other hand, I can see many bugs in FAC 6.5.1 that may be related to your issue.
https://docs.fortinet.com/document/fortiauthenticator/6.5.1/release-notes/713049/known-issues
Try updating to 6.5.5.
Hello,
Sorry, I wrote it wrong; my FAC version is 6.6.1.
It works correctly with FG and SAML for SSLVPN logins.