Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
edumor
New Contributor

Created on ‎04-23-2024 08:50 AM

SSL-VPN Bookmarks SSO with SAML auth

Hello,

 

SAML auth is working with external IdP (keycloack) for the SSL-VPN Web mode.

 

After login in succesfully if I activate SSO on the bookmarks, then it stops working showing "Internal: Invalid parameter" error. It seems that the FW is not redirecting to the URL in the bookmark. The same bookmark without SSO redirects and works fine.

 

Has anyone ever configured this? 

Any help would be grate.

Thanks, Edu

 

 

Labels:
1095
0 Kudos
5 REPLIES 5
johnathan
Staff
Staff

Created on ‎04-24-2024 06:12 AM

It seems like the commands seen in this article will solve your issue:

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-fix-the-error-Internal-invali...

"Never trust a computer you can't throw out a window."
1046
0 Kudos
Sheikh
Staff
Staff

Created on ‎04-24-2024 06:29 AM

Hello @edumor,

 

In addition to @johnathan, this is a per-VDOM setting and affects all bookmarks in that VDOM.

 

regards,

 

Sheikh

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
1039
0 Kudos
hbac
Staff
Staff

Created on ‎04-24-2024 06:43 AM

Hi @edumor,

 

Please refer to this article: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-fix-the-error-Internal-invali...

 

Regards,

1024
0 Kudos
edumor
New Contributor
In response to hbac

Created on ‎04-24-2024 09:29 AM

Hello,

 

Thanks all for the replys.

 

I don't have V-DOMs configured and this setting is already set. If I authenticate against the LDAP server, the SSO on the bookmarks works fine. The problem is when the authentication is done through the SAML (Single Sing-On button in the VPN Web Portal).

 

I think that the problem is that the authentication is not done against the firewall but against the IdP server.

When you select SSO button in the portal:

 

SAML_login.png

it redirects you to the IdP Server Portal authentication instead of typing your credencials on the VPN Web Portal.

Then the firewall does not store the user credentials.

 

I have been doing more tests and each time I select the SSO alternative method on the bookmarks the redirection works fine.

 

Regards,

Edu

1006
0 Kudos
edumor
New Contributor
In response to edumor

Created on ‎04-29-2024 03:59 AM

Hello,

 

Please any help on this?

 

Maybe the problem is that the SAML login (introduced in the IdP login page) can't be used to pass it through the bookmarks?

I don't find any documentation relatives to this use of SAML SSO.

 

Thanks,

Edu

917
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.