Ali_Manzoor
New Contributor

SAML FortiGate for IPsec dialup remote users

Dear Team,

 

Please assist me in creating a dialup IPsec VPN with SAML integration. I have already seen prior posts, but they did not work for me.

srajeswaran
Staff

Have you tried the configuration suggested in https://docs.fortinet.com/document/fortigate/7.2.0/new-features/951346/saml-based-authentication-for...

Are you facing any specific issues/errors after configuration?

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
Ali_Manzoor

Error: AADSTS700016

srajeswaran

Can you share some more details? Where do you see this error? When do you see this error?

 

Regards,
Suraj
Ali_Manzoor

Dear Suraj,

 

Let me try again and will revert ASAP.

Ali_Manzoor

[Attached screenshot: Issue.png]

 

Facing this issue.

Debbie_FTNT

Is that URL the IPSec VPN gateway, or the SAML IdP?

If the IPSec VPN gateway, please ensure that it is reachable from where your FortiClient is, that IKE traffic is allowed, etc.

If that URL is the SAML IdP, please ensure that it is reachable from where your FortiClient is WITHOUT a tunnel. SAML authentication essentially functions like this:
- FortiClient connects to FortiGate (or other IPSec VPN gateway) to establish tunnel

- FortiGate says: "No, go to this <URL/IP of SAML IdP> and authenticate, then come back"

- FortiClient then tries to connect to URL/IP as specified by FortiGate directly, without a tunnel, and authenticate there

 

Depending on whether FortiClient fails to connect to the IPSec VPN gateway, or the SAML IdP, further troubleshooting on the connection between them is required to determine what is going on.

 

Cheers,

Debbie

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
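
Added example (not part of any post in this thread, and not Fortinet code): the redirect in the second step of the flow above can be decoded to see which IdP host the client is sent to and which Issuer and reply URL the gateway presents, so they can be compared with what the IdP has registered. AADSTS700016, quoted earlier in the thread, is the Microsoft Entra ID error for an application identifier it cannot find in the tenant. The sketch assumes the SAML HTTP-Redirect binding; all hosts, paths and entity IDs are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAX_XML = 64 * 1024  # cap on inflated size; AuthnRequests are small

def decode_authn_request(redirect_url):
    """Return (idp_host, issuer, acs_url) from a SAML HTTP-Redirect URL."""
    parts = urlsplit(redirect_url)
    values = parse_qs(parts.query).get("SAMLRequest")
    if not values:
        raise ValueError("URL carries no SAMLRequest parameter")
    # HTTP-Redirect binding: base64 of a raw DEFLATE stream, hence wbits=-15
    inflater = zlib.decompressobj(-15)
    xml = inflater.decompress(base64.b64decode(values[0]), MAX_XML)
    if inflater.unconsumed_tail or b"<!DOCTYPE" in xml:
        raise ValueError("oversized request or DTD present, refusing to parse")
    root = ET.fromstring(xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    return parts.hostname, issuer, root.get("AssertionConsumerServiceURL")

def check_sp_registration(redirect_url, registered_entity_id, registered_reply_url):
    """Compare what the gateway sends with what the IdP has registered."""
    idp_host, issuer, acs = decode_authn_request(redirect_url)
    findings = []
    if issuer != registered_entity_id:
        findings.append(f"Issuer {issuer!r} is not the registered Identifier")
    if acs and acs != registered_reply_url:
        findings.append(f"ACS URL {acs!r} is not the registered Reply URL")
    return idp_host, findings

def sample_redirect(issuer):
    """Constructed redirect URL; hosts and paths are placeholders."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" '
           'Version="2.0" AssertionConsumerServiceURL="https://vpn.example.com/saml/acs">'
           f'<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>')
    comp = zlib.compressobj(wbits=-15)
    blob = base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode()
    return "https://idp.example.com/saml2?" + urlencode({"SAMLRequest": blob})

if __name__ == "__main__":
    url = sample_redirect("https://vpn.example.com/saml/metadata-typo")
    print(check_sp_registration(url, "https://vpn.example.com/saml/metadata",
                                "https://vpn.example.com/saml/acs"))
```

The returned host is the one the client must reach without a tunnel; an empty findings list means the Issuer and reply URL in the request match the registration.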
Ali_Manzoor

Well, the URL is the VPN gateway. Authentication is successful, but after authentication it's stuck.
