AlexBeaudet
New Contributor II

SAML config for VPN SSL

Hi,

I'm trying to configure SAML for our VPN SSL and can't seem to get it off the ground.

Read many KBs but no matter how I set it up I cannot even get the metadata page to show!

Fortigate 6.4.3

Config used so far:

config user saml
    edit "uqtr.sso.saml"
        set cert "Fortigate2020"
        set entity-id "https://publicIPofFortigate/remote/saml/metadata"
        set single-sign-on-url "https://publicIPofFortigate/remote/saml/login"
        set single-logout-url "https://publicIPofFortigate/remote/saml/logout"
        set idp-entity-id "https://login.microsoftonline.com/b67129f2-c591-4816-b477-d36123123369309/saml2"
        set idp-single-sign-on-url "https://sts.windows.net/b67129f2-c591-4816-b477-d312312369309/"
        set idp-single-logout-url "https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0"
        set idp-cert "REMOTE_Cert_1"
        set user-name "username"
    next
end

If I try to access the https://publicIPofFortigate/remote/saml/metadata URL it says web page cannot be found.

If I set it to "private IP addresses" inside our network I have an Error page.

Is there anything I need to activate on my Fortigate for this SAML SP setup to get going? Couldn't find any detail that I might have missed.

I enabled HTTPS on the public and private interfaces of the Fortigate.

Thanks for any input!

Debbie_FTNT

That's strange. The NGFW operating mode shouldn't have an impact on SSLVPN authentication, to my knowledge.

There was a known issue, fixed back in 6.4.1, regarding SAML authentication not working in NGFW policy-based mode, 625562, but I can't find anything for 6.4.8.
I would suggest opening a ticket with Technical Support so they can have a closer look at your setup and run some troubleshooting commands to figure out why the SAML part is skipped.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++