Hello
I am working on a subject to set up authentication for web access for a user group outside the fsso domain.
I configured SAML with Azure but I cannot set up integrated Windows authentication without going through an ADFS server.
I thought about setting up authentication with a radius but I am still facing the same problem with integrated Windows authentication
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello telouat,
Thanks for your post, can you precise us which version of FortiGate you have and more info on your setup, please?
This way it will be easier for us to help you.
Regards,
Hi JP,
Thank you for your reply
This my configuration in Fortigate :
config user radius
edit "NPS"
set server "192.168.x.x"
set secret ENC rgKDAV8XLAHeZI2vqbyOt1BswHCYgyfTBOu1pUjAbHTsvR9Ft
set all-usergroup enable
set auth-type ms_chap_v2
next
end
config user group
edit "GU_NPS_Group"
set member "radius"
next
end
config firewall policy
edit 8
set name "LAN-auth-policy"
set uuid c1acc36e-c509-51ee-d874
set srcintf "lan"
set dstintf "wan"
set action accept
set srcaddr "test_ssl"
set dstaddr "all"
set schedule "always"
set service "ALL"
set logtraffic all
set nat enable
set groups "GU_NPS_Group"
next
end
I abandoned the idea of doing SAML because I cannot deploy ADFS for integrated windows authentication.
my need therefore as I cannot do SAML authentication with integrated Windows SSO without going through an ADFS server, I therefore switched to a configuration with Radius NPS windows but I cannot find how to do it without the user retyping their identifier.
thanks
Hi @telouat ,
As per my understanding now you are trying to configure remote RADIUS server (NPS).
have a look at this guide and verify your configuration :
thank you for the answer, I followed this tutorial and the fortigate asks me for authentication despite everything.
What happens when you test with CLI command ? Does it returns the attributes ?
I also see this value on your configuration :
set all-usergroup enable
Can you disable this and test again .
set all-usergroup disable
no change same result.
authentification test to radius is good.
I check de NPS Log
The NPS server has granted access to a user with success
What happens here when you try to authenticate here ?
Authentification success and I can see user session in fortigate
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1670 | |
1082 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.