I am trying to get SSO for my WIFI with Azure AD.
I created an Azure Enterprise Application and assigned Users.
I set up SSO in Fortigate.
I created a usergroup in Fortigate.
I created Policies to use that group for Wifi access.
I added that group to the SSID.
I set the Captive Portal to Disclaimer (for debug reasons) and when I accept the disclaimer, I am forwarded to login.microsoft.com - but there I get a certificate error because for some reason, Fortigate seems to replace the IDP certificate (that I of course added to the appliance) with the Fortigate Factory Certificate. I am at a loss here as I do not understand where and why the certificate gets replaced... I can't find anything in the forums or anywhere online, and I have been searching for 3 days now...
Here's a screenshot of the problem I am facing. This is where I am redirected after accepting the disclaimer in the captive portal...
Hi @benKettner,
Can you check which certificate you are using? It looks like you are using a self-signed certificate for the captive portal.
config user setting
show full
Regards,
Thanks for getting back to me. This is the output of the user settings:
Hi @benKettner,
Can you set the certificate as follows:
config user setting
set auth-ca-cert "Fortinet_CA_SSL"
end
You can refer to this article at step 7: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Wireless-Authentication-using-SAML-Credent...
Regards,
Unfortunately that did not change anything except that the cert is now set in the user settings.
The problem was solved in a support call today. The solution was that the policy that contained the MS SSO URLs as Addresses and was Portal Exempt did not work - we changed it to "Services Azure" and then SSO started working. Weird, that was the last place I would have looked for the problem...
Hello,
I'm having this same problem. Could you explain to me in more detail how you solved it?
Regards
Copyright 2024 Fortinet, Inc. All Rights Reserved.