Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
edumor
New Contributor

SSL-VPN Bookmarks SSO with SAML auth

Hello,

 

SAML auth is working with external IdP (keycloack) for the SSL-VPN Web mode.

 

After login in succesfully if I activate SSO on the bookmarks, then it stops working showing "Internal: Invalid parameter" error. It seems that the FW is not redirecting to the URL in the bookmark. The same bookmark without SSO redirects and works fine.

 

Has anyone ever configured this? 

Any help would be grate.

Thanks, Edu

 

 

5 REPLIES 5
johnathan
Staff
Staff

It seems like the commands seen in this article will solve your issue:

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-fix-the-error-Internal-invali...

"Never trust a computer you can't throw out a window."
Sheikh
Staff
Staff

Hello @edumor,

 

In addition to @johnathan, this is a per-VDOM setting and affects all bookmarks in that VDOM.

 

regards,

 

Sheikh

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
hbac
Staff
Staff
edumor
New Contributor

Hello,

 

Thanks all for the replys.

 

I don't have V-DOMs configured and this setting is already set. If I authenticate against the LDAP server, the SSO on the bookmarks works fine. The problem is when the authentication is done through the SAML (Single Sing-On button in the VPN Web Portal).

 

I think that the problem is that the authentication is not done against the firewall but against the IdP server.

When you select SSO button in the portal:

 

SAML_login.png

it redirects you to the IdP Server Portal authentication instead of typing your credencials on the VPN Web Portal.

Then the firewall does not store the user credentials.

 

I have been doing more tests and each time I select the SSO alternative method on the bookmarks the redirection works fine.

 

Regards,

Edu

edumor
New Contributor

Hello,

 

Please any help on this?

 

Maybe the problem is that the SAML login (introduced in the IdP login page) can't be used to pass it through the bookmarks?

I don't find any documentation relatives to this use of SAML SSO.

 

Thanks,

Edu

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors