Hi,
I'm trying to configure SAML for our VPN SSL and can't seem to get it off the ground.
Read many KBs but no matter how I set it up I cannot even get the metadata page to show!
Fortigate 6.4.3
Config used so far
config user saml edit "uqtr.sso.saml" set cert "Fortigate2020" set entity-id "https://publicIPofFortigate/remote/saml/metadata" set single-sign-on-url "https://publicIPofFortigate/remote/saml/login" set single-logout-url "https://publicIPofFortigate/remote/saml/logout" set idp-entity-id "https://login.microsoftonline.com/b67129f2-c591-4816-b477-d36123123369309/saml2" set idp-single-sign-on-url "https://sts.windows.net/b67129f2-c591-4816-b477-d312312369309/" set idp-single-logout-url "https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0" set idp-cert "REMOTE_Cert_1" set user-name "username" next end
If I try to access the https://publicIPofFortigate/remote/saml/metadata URL it says web page cannot be found.
If I set it to "private IP addresses" inside our network I have an Error page.
Is there anything I need to activate on my Fortigate for this SAML SP setup to get going? Couldn't find any detail that I might have missed.
I enabled HTTPS on the public and private interfaces of the Fortigate.
thanks for any input!
That's strange. The NGFW operating mode shouldn't have an impact on SSLVPN authentication, to my knowledge.
There was a known issue, fixed back in 6.4.1, regarding SAML authentication not working in NGFW policy-based mode, 625562, but I can't find anything for 6.4.8.
I would suggest opening a ticket with Technical Support so they can have a closer look at your setup and run some troubleshooting commands to figure out why the SAML part is skipped.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.