My environment is made up of a cluster of 2 firewalls in active-passive mode running 7.0.10.
The login is successful to the primary and active device, but I'm not able to log in via SSO to the standby unit.
The problem encountered is that the authentication works correctly on the shared IP address between the two firewalls (10.10.10.1), but when trying to log in with SSO on the address of the single standby FW (e.g. on 10.10.10.3) it fails to connect to the device, because the SAML redirect address is the 10.10.10.1 one and thus it returns to the currently active router. Can it be fixed (maybe if I configure two different SAML authentications on the 2 devices)?
Or is this a known limitation?
I didn't find any answer either on the forum or on Google. Thank you for your advice.
You can use the vdom-exception command to achieve this; VDOM mode does not need to be enabled to run this command. The command is used for global configuration objects that can be configured independently across different HA peers, for all VDOMs or for the defined VDOM scope.
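As an added illustration of the approach described in this answer (not the answer's own text and not taken from Fortinet documentation), the FortiOS CLI configuration would look roughly like the following. It assumes that `system.saml` is an accepted object type for `config system vdom-exception`, reuses the management addresses from the question (10.10.10.1 active, 10.10.10.3 standby), and uses placeholder values for the table entry number; the remaining SAML settings (entity IDs, IdP URLs, certificate) are assumed to be the ones that already work on the active unit.

```text
# Entered once on the primary unit. The vdom-exception entry itself is
# synchronised to the peer; the excepted object (SAML SP settings) is then
# kept local on each unit instead of being overwritten by HA sync.
config system vdom-exception
    edit 1                        # placeholder entry id
        set object system.saml    # assumed object name for the SAML SP config
        set scope all             # all VDOMs; "inclusive"/"exclusive" narrow it by VDOM
    next
end

# Now each unit is configured separately, so the IdP redirects back to the
# box the admin actually logged in to.

# Primary (10.10.10.1):
config system saml
    set status enable
    set role service-provider
    set server-address "10.10.10.1"
    # other SAML settings unchanged from the working configuration
end

# Standby (10.10.10.3), entered on the standby through its reserved
# HA management interface (that interface must already be excluded from sync):
config system saml
    set status enable
    set role service-provider
    set server-address "10.10.10.3"
    # other SAML settings unchanged from the working configuration
end
```

Because `server-address` is what the SP entity ID and assertion consumer URL are built from, the standby ends up presenting a second SP identity; the IdP side (Azure AD in this thread) then has to know both reply URLs, either as a second registered application or as an additional reply URL on the existing one, otherwise the assertion is still only valid for 10.10.10.1. A quick sanity check after the change is `diagnose sys ha checksum cluster` on the primary: the cluster should still report matching checksums, which confirms the excepted object is no longer counted as configuration drift between the peers.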
> First configure the HA with the reserved management interface, so the interface IP does not get synced
Not sure you can configure 2 entity IDs on the same SAML on FortiGate based on this picture (should I manually configure the active device first and then the standby?); maybe it is possible on the Azure AD side.