Since FortiOS 7.0.1, bug 715100 is resolved and should allow the use of an external browser to perform SAML authentication instead of the FortiClient embedded login window.
The release note states :
Allow FortiClient to use a browser as an external user agent to perform SAML authentication for SSL VPN tunnel mode. In prior versions, SAML authentication must be performed within the FortiClient embedded login window. A new setting is added to configure the SAML redirection port upon successful SAML authentication:
config vpn ssl settings
set saml-redirect-port <port>
Has anyone a clue on how setting an alternate SAML redirect port on the Fortigate side will instruct the FortiClient to open the default browser on the client ?
I tried to force another port instead of the default 8020 but FortiClient still uses the default embedded login window.
I'd like to use an external browser so it will know how to interact with a WebAuthn device.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.