Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
EddieAllen3
New Contributor

SAML Issue

Hi all,

 

So I am trying to setup Azure Saml for the first time and I am hitting an issue that I cannot seem to find an answer to.    So when using the forticlient I can get to show the microsoft login page but after I enter the user/password I get this.

 

AADSTS700016: Application with identifier '' was not found in the directory ''. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.

 

Everything I can find seems to point to the making sure the Azure Application Identifier (Entity ID) and the fortigate Entity-ID match but I have verified it and they do match so not sure what else to look at.

 

Eddie

4 REPLIES 4
jhussain_FTNT

Hi,

The error seams to relate to The issuer attribute sent from the application to Azure AD in the SAML request doesn’t match the Identifier value that's configured for the application in Azure AD.Kindly refer the below document.

 

https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/error-code-aadsts70001-app-not...

Kindly refer the below document to configure Fortigate with Azure SAML

 

https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/fortigate-ssl-vpn-tutorial

 

https://docs.fortinet.com/document/fortigate-public-cloud/7.2.0/azure-administration-guide/584456/co...

 

Regards

Jamal

pminarik
Staff
Staff

You're on the right track. This means that the entity ID of the Service Provider (FortiGate) doesn't match on both sides, or possibly doesn't even exist in Azure at all.

On the FortiGate-side, this is the value in the "entity-id" option.

On Azure-side, this is "Identifier (Entity ID)".

 

This, and some other possible errors, has some commentary in the following KB article:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-SAML-SSO-login-for-FortiGate/t...

 

Note: While the guide focuses on SAML for admin login, the Azure-side error messages are the same even if you use it for SSL-VPN or captive portal.

[ corrections always welcome ]
EddieAllen3
New Contributor

All it ended up being was one single /  missing from the end of the path.   Totally missed it was I was comparing the two paths.

Muhammad_Haiqal

Hi @EddieAllen3 ,

Thank you for the update.
The issue is solved by adding / symbol at the path.

haiqal
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors