Hi,
I am trying to set up FortiGate Web Authentication and SAML as idP but I am having issues, I am following this guide https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/33053
I have setup but the authentication portal is not kicking in, I have seen that on the Fortigate in the Interface, you can enable Security Mode "Capture Portal", does this need enabling as not mentioned in the guide?
Overview of what I have done.
1. Created Enterprise App in Entra ID.
2. Created a group in Entra ID added users and assigned to App.
3. Created a Single Sign-on on the FortiGate pointing to the Enterprise App.
4. Create a group on the FortiGate and set the Remote Server to Fortigate the Single-Sign-on and the Enterprise App group ID.
5. Created a Firewall rule to allow traffic out and added the Fortigate group created in step 4.
6. Create a Firewall rule to allow traffic in.
When I test from a client PC or the Enterprise App I get 2This site can't be reached."
I feel as if port 1003 is not enabled or working, do I need to allow this port or another step to enable Capture Port?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello julianhaines,
First of all, you do not need a rule to allow traffic in for SAML authentication.
Please run a saml debug on the FortiGate to see if you get any output.?
Also, please enable captive portal with IP 0.0.0.0 under authentication settings and try that way.
Hello,
You can use following useful KB article to capture traffic:
You can sniff with port number in question :
e.g.
diag sniff pack any "host x.x.x.x and port 1003" 4 0 l (where x.x.x.x is the destination or source ip in question) or you can just sniff with port number like: diag sniff pack any "port 1003" 4 0 l
Also a KB article:
Hello julianhaines,
First of all, you do not need a rule to allow traffic in for SAML authentication.
Please run a saml debug on the FortiGate to see if you get any output.?
Also, please enable captive portal with IP 0.0.0.0 under authentication settings and try that way.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.