Hi All
I am trying to configure SAML on me FortiAuth to link to my Jumpcloud account, I've filled out the info on both sides but I am getting the below error on the FortiAuth when a user tries to login.
" SAML user authentication failed: invalid_response(The Assertion of the Response is not signed and the SP require it) "
It seems like the error you are receiving is related to the Assertion of the Response not being signed, and the Service Provider (SP) requiring it.
To resolve this issue, you can try to check if the Assertion is signed in the SAML configuration settings on both the FortiAuth and Jumpcloud sides. You may need to enable signing of the Assertion in the SAML configuration settings.
If you are still experiencing issues, you may want to reach out to Fortinet support or Jumpcloud support for further assistance. They may be able to provide more specific guidance on how to resolve this error.
I appreciate your help, I will check if the Assertion is signed in the SAML configuration settings on both the FortiAuth and Jumpcloud sides. If still I face any problem, I will message here. :)
you are encountering an issue with SAML authentication on your FortiAuthenticator device. Specifically, the error message you are seeing ("SAML user authentication failed: invalid_response(The Assertion of the Response is not signed and the SP require it)") indicates that the SAML assertion in the response from Jumpcloud is not signed, but the service provider (SP) on the FortiAuthenticator side requires it to be signed.
Here are some steps you can take to troubleshoot this issue:
1. Check the SAML configuration on both the FortiAuthenticator and Jumpcloud sides to make sure that the settings are correct. Make sure that the SAML endpoints, certificates, and metadata are set up correctly.
2. Verify that the clock settings on both the FortiAuthenticator and Jumpcloud devices are set correctly. If the clocks are out of sync, it can cause issues with SAML authentication.
3. Check that the SAML assertion in the response from Jumpcloud is signed. If it is not signed, you may need to configure Jumpcloud to sign the assertion.
4. If the SAML assertion is signed, check that the signing certificate is trusted on the FortiAuthenticator side. You may need to import the signing certificate into the FortiAuthenticator's certificate store.
5. Consider reaching out to Fortinet support or Jumpcloud support for further assistance. They may be able to provide more specific guidance based on your specific situation.
By following these steps, you can further isolate the issue and determine the root cause of the problem.
Hello,
You can also crosscheck option under SAML setting on the Fortiauthneticator side in Service Provider and then enter your SP and under SP Metadata you have option "SAML request must be signed by SP". You can try to disable this option and see if it fixes the issue.
Best regards,
Lazar
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.