SAML Configuration for Fortigate SSL VPN SSO - Invalid HTTP request.

leo-ehk · ‎11-16-2023

Hello community,

we would like to configure our fortigate 100F SSLVPN Access with SAML and MS Entra.

Unfortunately, we get the following prompt

We use the following MS Node:

https://learn.microsoft.com/en-us/entra/identity/saas-apps/fortigate-ssl-vpn-tutorial

Is it important, that we use a entra Plan or is the free Version okay? We use M365 business St.

pminarik · ‎11-16-2023

SAML authentication can be configured to work without specific groups. In this situation, you'd better manually set who can use the "enterprise application" (SSL-VPN) in Azure AD/Entra's configuration.

The P1/P2 plan affects what additional options you have available, but a basic SAML setup can be run even with a free plan, as far as I am aware.

[ corrections always welcome ]

View solution in original post

pminarik · ‎12-05-2023

No need to lower it. This was a question about potential timeout. If it's already at the maximum value, it shouldn't be the problem.

[ corrections always welcome ]

Wimukthi_Bandara · ‎09-24-2024

i also face same issue and change this value

pminarik · ‎09-24-2024

At a glance the settings look okay, but to fully judge this, we'd need to see the FortiGate configuration as well, samld+sslvpn debugs, and also the exact description of the unexpected behavior/errors you're observing.

[ corrections always welcome ]

SAML Configuration for Fortigate SSL VPN SSO - Invalid HTTP request.

Nominate a Forum Post for Knowledge Article Creation