Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Jason1683416
New Contributor II

Created on ‎08-17-2024 09:24 AM

The first connection using Microsoft Entra SSO integration with FortiGate SSL VPN may fail randomly.

Operating Environment

  • FortiGate-91G 
  • v7.0.15 build7342 (Mature)
  • FortiClient VPN 7.4.0.1658

Currently, when using SSO to connect to the SSL VPN, if there has been a period of inactivity, the SAML login may fail. There are no issues with the Microsoft authentication window during the verification process, and the FortiGate SSL VPN application on Entra shows a successful authentication. However, after the Microsoft authentication window successfully closes, FortiClient remains on the pre-login screen without displaying any progress percentage or pop-up window. The user needs to click connect again and go through Microsoft authentication once more. On the second attempt, FortiClient successfully shows the connection progress percentage, and the login is successful.

When this issue occurs, the user must repeat the same steps and complete the authentication process twice, as the first connection attempt does not result in any progress.

I enabled debugging on FortiGate using the following commands:

diagnose debug application sslvpn -1
diagnose debug application samld -1
While comparing the information between a failed login with no errors and a subsequent successful login, I found that the difference between the two lies ,The following four error messages appeared during the failed login:
[1864:root:bb62]req: /sslvpn/portal.html
[1864:root:bb62]mza: 0x2f65b08 /sslvpn/portal.html
[1864:root:bb62]rmt_web_auth_info_parser_common:492 no session id in auth info
[1864:root:bb62]rmt_web_access_check:760 access failed, uri=[/sslvpn/portal.html],ret=4103,
I need to seek everyone's help.


failed login:


[1864:root:bb62]allocSSLConn:307 sconn 0x7f87f56a00 (0:root)
[1864:root:bb62]SSL state:before SSL initialization (XX.XX.XX.XX)
[1864:root:bb62]SSL state:before SSL initialization:system lib(XX.XX.XX.XX)
[1864:root:bb62]SSL state:before SSL initialization (XX.XX.XX.XX)
[1864:root:bb62]got SNI server name: XXXXXX realm (null)
[1864:root:bb62]client cert requirement: yes
[1864:root:bb62]SSL state:SSLv3/TLS read client hello (XX.XX.XX.XX)
[1864:root:bb62]SSL state:SSLv3/TLS write server hello (XX.XX.XX.XX)
[1864:root:bb62]SSL state:SSLv3/TLS write change cipher spec (XX.XX.XX.XX)
[1864:root:bb62]SSL state:TLSv1.3 early data (XX.XX.XX.XX)
[1864:root:bb62]SSL state:TLSv1.3 early data:system lib(XX.XX.XX.XX)
[1865:root:bb59]allocSSLConn:307 sconn 0x7f87f57800 (0:root)
[1865:root:bb59]SSL state:before SSL initialization (XX.XX.XX.XX)
[1865:root:bb59]SSL state:before SSL initialization:system lib(XX.XX.XX.XX)
[1865:root:bb59]SSL state:before SSL initialization (XX.XX.XX.XX)
[1865:root:bb59]got SNI server name: XXXXXX realm (null)
[1865:root:bb59]client cert requirement: yes
[1865:root:bb59]SSL state:SSLv3/TLS read client hello (XX.XX.XX.XX)
[1865:root:bb59]SSL state:SSLv3/TLS write server hello (XX.XX.XX.XX)
[1865:root:bb59]SSL state:SSLv3/TLS write change cipher spec (XX.XX.XX.XX)
[1865:root:bb59]SSL state:TLSv1.3 early data (XX.XX.XX.XX)
[1865:root:bb59]SSL state:TLSv1.3 early data:system lib(XX.XX.XX.XX)
[1864:root:bb62]SSL state:TLSv1.3 early data (XX.XX.XX.XX)
[1864:root:bb62]got SNI server name: XXXXXX realm (null)
[1864:root:bb62]client cert requirement: yes
[1864:root:bb62]SSL state:SSLv3/TLS read client hello (XX.XX.XX.XX)
[1865:root:bb59]SSL state:TLSv1.3 early data (XX.XX.XX.XX)
[1865:root:bb59]got SNI server name: XXXXXX realm (null)
[1865:root:bb59]client cert requirement: yes
[1865:root:bb59]SSL state:SSLv3/TLS read client hello (XX.XX.XX.XX)
[1864:root:bb62]SSL state:SSLv3/TLS write server hello (XX.XX.XX.XX)
[1864:root:bb62]SSL state:TLSv1.3 write encrypted extensions (XX.XX.XX.XX)
[1864:root:bb62]SSL state:SSLv3/TLS write certificate request (XX.XX.XX.XX)
[1864:root:bb62]SSL state:SSLv3/TLS write certificate (XX.XX.XX.XX)
[1865:root:bb59]SSL state:SSLv3/TLS write server hello (XX.XX.XX.XX)
[1865:root:bb59]SSL state:TLSv1.3 write encrypted extensions (XX.XX.XX.XX)
[1865:root:bb59]SSL state:SSLv3/TLS write certificate request (XX.XX.XX.XX)
[1865:root:bb59]SSL state:SSLv3/TLS write certificate (XX.XX.XX.XX)
[1864:root:bb62]SSL state:TLSv1.3 write server certificate verify (XX.XX.XX.XX)
[1864:root:bb62]SSL state:SSLv3/TLS write finished (XX.XX.XX.XX)
[1864:root:bb62]SSL state:TLSv1.3 early data (XX.XX.XX.XX)
[1864:root:bb62]SSL state:TLSv1.3 early data:system lib(XX.XX.XX.XX)
[1865:root:bb59]SSL state:TLSv1.3 write server certificate verify (XX.XX.XX.XX)
[1865:root:bb59]SSL state:SSLv3/TLS write finished (XX.XX.XX.XX)
[1865:root:bb59]SSL state:TLSv1.3 early data (XX.XX.XX.XX)
[1865:root:bb59]SSL state:TLSv1.3 early data:system lib(XX.XX.XX.XX)
[1864:root:bb62]SSL state:TLSv1.3 early data (XX.XX.XX.XX)
[1864:root:bb62]SSL state:SSLv3/TLS read client certificate (XX.XX.XX.XX)
[1864:root:bb62]SSL state:SSLv3/TLS read finished (XX.XX.XX.XX)
[1864:root:bb62]SSL state:SSLv3/TLS write session ticket (XX.XX.XX.XX)
[1864:root:bb62]SSL state:SSLv3/TLS write session ticket (XX.XX.XX.XX)
[1864:root:bb62]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[1864:root:bb62]No client certificate
[1864:root:bb62]req: /remote/saml/login
[1864:root:bb62]fsv_rmt_saml_login_cb:99 magic id: magic=1-7484aebXXXXXXXX
[1864:root:bb62]fsv_rmt_saml_login_cb:120 idx 1 epoch: 7484aebXXXXXXXX
[1865:root:bb59]SSL state:TLSv1.3 early data (XX.XX.XX.XX)
[1865:root:bb59]SSL state:SSLv3/TLS read client certificate (XX.XX.XX.XX)
[1865:root:bb59]SSL state:SSLv3/TLS read finished (XX.XX.XX.XX)
[1865:root:bb59]SSL state:SSLv3/TLS write session ticket (XX.XX.XX.XX)
[1865:root:bb59]SSL state:SSLv3/TLS write session ticket (XX.XX.XX.XX)
[1865:root:bb59]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[1865:root:bb59]No client certificate
__samld_sp_login_resp [831]:
SP Login Response Msg Body
<samlp:Response ID="_492f149d-919d-4748-89f2-c9a140XXXXXX" Version="2.0" IssueInstant="2024-08-17T10:07:46.470Z" Destination="https://XXX
XXX:10443/remote/saml/login" InResponseTo="_D241BED1D068ED26DF88E08DB7A4BD37" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><Iss
uer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://sts.windows.net/XXX-XXX-XXX-XXX-XXX/</Issuer><samlp:Status><samlp:S
tatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><Assertion ID="XXX-89ff-XXX-XXX-XXX" IssueInstan
t="2024-08-17T10:07:46.467Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><Issuer>https://sts.windows.net/XXX-XXX-XXX-9a
4c-XXX/</Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.or
g/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><Reference URI="#XXX-89ff-XXX
-XXX-XXX"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www
.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>BCVK3e1y0ywyZxJmP
vy7q6LEqTrej8x8HBjFGZK/oqM=</DigestValue></Reference></SignedInfo><SignatureValue>cP7sURpEFBxyMDP3UhVIzSJb2iCzUBhvSJkuM1Y0rDTeW3+QP/jTZsj4K5kc
TVANhMEmLqTDKkImFXXXslA7P2ImJnyHS+eOzp/4v321rN/N1AmoCB+54FExSL17qx7dW7BXYGxzyZBqwyMHV6KqYJObNpAZkkToISd0WC2neGvOn77CLmA
k/YK0ixt34i9KM/OsD8AJQQPumorc4fP0Oq/vo6pubDSOb8LiTK+L0yMGKhwaw8rUy8gc6okLCDM5lTeAxlTIZqMKEl905ics57YGIZOUUsgxJfJh4eQbvW/YZdErgJ5KizNLHn03wUA==
</SignatureValue><KeyInfo><X509Data><X509Certificate>MXXXajANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZ
nQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yNDA3XXXKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1N
PIENlcnRpZmljYXRlMIIBIjAXXXKCAQXXXRq+4oq/qtHVnuqvV3BhvVLLXLZ8XXXsC
mHDx6WYENh3kYCri4wSQsjzO+Mc9g46+sNxLYs51GDFmF2cu1oSPxEp+yOOIlFyP00x7poyemrJaXXXUysWNS7x
CFRTgHTbA8RdP1CVAfKOFg2YJPqX+jvMwhzc0BghXIcAXXXl6sr2yuFFUhQIDAQABMA0GCSqGSIb3DQEBC
wUAA4IBAQB4E+cFCO0G8SYKcX/JVw3+cnhktKHc0gwXhA6tbdLIXlHuzhEdD1OxdB+P4bfzCqFExDfZKeTG0YUIPCcyD49vrY0i7m5w6d/hKF1Y+U8nE1/79FclnMtnR6pPD+6TDe7B1Sf
s9MAGHwU39V9vb3oOQ6Z4IoF85JQ4vwtRaSPXXXnEmdRh8zOWuQSGKgXXXX9mWxhCRrkAHd3ISuq4VRN+bzPzOEs
uDXLXffChGgUTY1H6iyEC5ed/UHqM0T0vM/AXXXXtkAvoF/Bl</X509Certificate></X509Data></KeyInfo></Signature><Subject><XXX Format=
"urn:oasis:names:tc:SAML:1.1:XXX-format:emailAddress">XXXXXX</XXX><SubjectConfirmation Method="urn:oasis:names:tc:SAML
:2.0:cm:bearer"><SubjectConfirmationData InResponseTo="_D241BED1D068ED26DF88E08DB7A4BD37" NotOnOrAfter="2024-08-17T11:07:46.375Z" Recipient="h
ttps://XXXXXX:10443/remote/saml/login"/></SubjectConfirmation></Subject><Conditions NotBefore="2024-08-17T10:02:46.375Z" NotOnOr
After="2024-08-17T11:07:46.375Z"><AudienceRestriction><Audience>https://XXXXXX:10443/remote/saml/metadata</Audience></AudienceRe
striction></Conditions><AttributeStatement><Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid"><AttributeValue>XXX-56
06-XXX-XXX-XXX</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier"><Attribu
teValue>XXX-8085-XXX-a148-XXX</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/identity/claims/identit
yprovider"><AttributeValue>https://sts.windows.net/XXX-XXX-XXX-XXX-XXX/</AttributeValue></Attribute><Attribute Name="http://s
chemas.microsoft.com/claims/authnmethodsreferences"><AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/pass
word</AttributeValue><AttributeValue>http://schemas.microsoft.com/claims/multipleauthn</AttributeValue></Attribute><Attribute Name="http://sch
emas.microsoft.com/ws/2008/06/identity/claims/wids"><AttributeValue>XXX-3ef9-4689-8143-XXX</AttributeValue></Attribute><Attribut
e Name="username"><AttributeValue>XXXXXX</AttributeValue></Attribute><Attribute Name="group"><AttributeValue>XXX-XXX-4
dfc-b321-XXX</AttributeValue><AttributeValue>XXX</AttributeValue></Attribute><Attribute Name="givenn
ame"><AttributeValue>XXX</AttributeValue></Attribute><Attribute Name="name"><AttributeValue>XXXXXX</AttributeValue></Attrib
ute><Attribute Name="surname"><AttributeValue>XXX</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant="2024-08-17T10:
07:46.433Z" SessionIndex="XXX-89ff-XXX-XXX-XXX"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Pa
ssword</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>
__samld_sp_login_resp [852]:
**** Assertion Dump ****
<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="XXX-89ff-XXX-XXX-431a1
7ee3b00" IssueInstant="2024-08-17T10:07:46.467Z" Version="2.0"><Issuer>https://sts.windows.net/XXX-XXX-XXX-XXX-XXX/</Issuer><
Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><Reference URI="#XXX-89ff-XXX-XXX-XXX"><Trans
forms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c1
4n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>BCVK3e1y0yXXXej8x8HBjFGZK/oqM
=</DigestValue></Reference></SignedInfo><SignatureValue>cP7sURpEFBxyMDP3UhVIzSJb2iCzUBhvSJkuM1Y0rDTeW3+QP/jTZsj4K5kcTVANhMEmLqTDKkImF7vaqpRbCb
Tr2DKqKGBu/vhXaETslA7P2ImJnyHS+eOzp/4v321rN/N1AmoCB+54FExSL17qx7dW7BXYGxzyZBqwyMHV6KqYJObNpAZkkToISd0WC2neGvOn77CLmAk/YK0ixt34i9KM/OsD8AJQQPum
orc4fP0Oq/vo6pubDSOb8LiTK+L0yMGKhwaw8rUy8gc6okLCDM5lTeAxlTIZqMKEl905ics57YGIZOUUsgxJfJh4eQbvW/YZdErgJ5KizNLHn03wUA==</SignatureValue><KeyInfo>
<X509Data><X509Certificate>MXXXajANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFN
TTyBDZXJ0aWZpY2F0ZTAeFw0yNDA3XXXKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANB
gkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQXXXRq+4oq/qtHVnuqvV3BhvVLLXLZ8XXXsCmHDx6WYENh3kYCri4wSQsjzO+M
c9g46+sNxLYs51GDFmF2cu1oSPxEp+yOOIlFyP00x7poyemrJaXXXUysWNS7xCFRTgHTbA8RdP1CVAfKOFg2YJP
qX+jvMwhzc0BghXIcAXXXl6sr2yuFFUhQIDAQABMA0GXXXFCO0G8SYKcX/
JVw3+cnhktKHc0gwXhA6tbdLIXlHuzhEdD1OxdB+P4bfzCqFExDfZKeTG0YUIPCcyD49vrY0i7m5w6d/hKF1Y+U8nE1/79FclnMtnR6XXXb3oOQ6Z4IoF85
JQ4vwtRaSPXXXnEmdRh8zOWuQSGKgXXXX9mWxhCRrkAHd3ISuq4VRN+bzPzOEsuDXLXffChGgUTY1H6iyEC5ed/U
HqM0T0vM/AXXXXtkAvoF/Bl</X509Certificate></X509Data></KeyInfo></Signature><Subject><XXX Format="urn:oasis:names:tc:SAML:1
.1:XXX-format:emailAddress">XXXXXX</XXX><SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><SubjectCo
nfirmationData InResponseTo="_D241BED1D068ED26DF88E08DB7A4BD37" NotOnOrAfter="2024-08-17T11:07:46.375Z" Recipient="https://XXXXXXm.t
w:10443/remote/saml/login"/></SubjectConfirmation></Subject><Conditions NotBefore="2024-08-17T10:02:46.375Z" NotOnOrAfter="2024-08-17T11:07:46
.375Z"><AudienceRestriction><Audience>https://XXXXXX:10443/remote/saml/metadata</Audience></AudienceRestriction></Conditions><At
tributeStatement><Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid"><AttributeValue>XXX-XXX-XXX-XXX-XXX<
/AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier"><AttributeValue>XXX-8085-XXX
-a148-XXX</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/identity/claims/identityprovider"><AttributeValue
>https://sts.windows.net/XXX-XXX-XXX-XXX-XXX/</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/claim
s/authnmethodsreferences"><AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password</AttributeValue><Attr
ibuteValue>http://schemas.microsoft.com/claims/multipleauthn</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/ws/2008
/06/identity/claims/wids"><AttributeValue>XXX-3ef9-4689-8143-XXX</AttributeValue></Attribute><Attribute Name="username"><Attribu
teValue>XXXXXX</AttributeValue></Attribute><Attribute Name="group"><AttributeValue>XXX</Att
ributeValue><AttributeValue>XXX</AttributeValue></Attribute><Attribute Name="givenname"><AttributeValue>XXX<
/AttributeValue></Attribute><Attribute Name="name"><AttributeValue>XXXXXX</AttributeValue></Attribute><Attribute Name="surna
me"><AttributeValue>XXX</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant="2024-08-17T10:07:46.433Z" SessionIndex="
XXX-89ff-XXX-XXX-XXX"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassR
ef></AuthnContext></AuthnStatement></Assertion>
***********************
__samld_sp_login_resp [859]: Clock skew tolerance: 0

__samld_parse_attr_statement [221]:
__samld_sp_login_resp [890]:
**** SP session Dump ****
<Session xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="2"><Assertion RemoteProviderID="https://sts.windows.net/XXX-XXX
-XXX-XXX-XXX/"><Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_2c8
61144-89ff-XXX-XXX-XXX" IssueInstant="2024-08-17T10:07:46.467Z" Version="2.0"><Issuer>https://sts.windows.net/XXX-XXX-XXX-9a
4c-XXX/</Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.or
g/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><Reference URI="#XXX-89ff-XXX
-XXX-XXX"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www
.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>BCVK3e1y0ywyZxJmP
vy7q6LEqTrej8x8HBjFGZK/oqM=</DigestValue></Reference></SignedInfo><SignatureValue>cP7sURpEFBxyMDP3UhVIzSJb2iCzUBhvSJkuM1Y0rDTeW3+QP/jTZsj4K5kc
TVANhMEmLqTDKkImFXXXslA7P2ImJnyHS+eOzp/4v321rN/N1AmoCB+54FExSL17qx7dW7BXYGxzyZBqwyMHV6KqYJObNpAZkkToISd0WC2neGvOn77CLmA
k/YK0ixt34i9KM/OsD8AJQQPumorc4fP0Oq/vo6pubDSOb8LiTK+L0yMGKhwaw8rUy8gc6okLCDM5lTeAxlTIZqMKEl905ics57YGIZOUUsgxJfJh4eQbvW/YZdErgJ5KizNLHn03wUA==
</SignatureValue><KeyInfo><X509Data><X509Certificate>MXXXajANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZ
nQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yNDA3XXXKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1N
PIENlcnRpZmljYXRlMIIBIjAXXXKCAQXXXRq+4oq/qtHVnuqvV3BhvVLLXLZ8XXXsC
mHDx6WYENh3kYCri4wSQsjzO+Mc9g46+sNxLYs51GDFmF2cu1oSPxEp+yOOIlFyP00x7poyemrJaXXXUysWNS7x
CFRTgHTbA8RdP1CVAfKOFg2YJPqX+jvMwhzc0BghXIcAXXXl6sr2yuFFUhQIDAQABMA0GCSqGSIb3DQEBC
wUAA4IBAQB4E+cFCO0G8SYKcX/JVw3+cnhktKHc0gwXhA6tbdLIXlHuzhEdD1OxdB+P4bfzCqFExDfZKeTG0YUIPCcyD49vrY0i7m5w6d/hKF1Y+U8nE1/79FclnMtnR6pPD+6TDe7B1Sf
s9MAGHwU39V9vb3oOQ6Z4IoF85JQ4vwtRaSPXXXnEmdRh8zOWuQSGKgXXXX9mWxhCRrkAHd3ISuq4VRN+bzPzOEs
uDXLXffChGgUTY1H6iyEC5ed/UHqM0T0vM/AXXXXtkAvoF/Bl</X509Certificate></X509Data></KeyInfo></Signature><Subject><XXX Format=
"urn:oasis:names:tc:SAML:1.1:XXX-format:emailAddress">XXXXXX</XXX><SubjectConfirmation Method="urn:oasis:names:tc:SAML
:2.0:cm:bearer"><SubjectConfirmationData InResponseTo="_D241BED1D068ED26DF88E08DB7A4BD37" NotOnOrAfter="2024-08-17T11:07:46.375Z" Recipient="h
ttps://XXXXXX:10443/remote/saml/login"/></SubjectConfirmation></Subject><Conditions NotBefore="2024-08-17T10:02:46.375Z" NotOnOr
After="2024-08-17T11:07:46.375Z"><AudienceRestriction><Audience>https://XXXXXX:10443/remote/saml/metadata</Audience></AudienceRe
striction></Conditions><AttributeStatement><Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid"><AttributeValue>XXX-56
06-XXX-XXX-XXX</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier"><Attribu
teValue>XXX-8085-XXX-a148-XXX</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/identity/claims/identit
yprovider"><AttributeValue>https://sts.windows.net/XXX-XXX-XXX-XXX-XXX/</AttributeValue></Attribute><Attribute Name="http://s
chemas.microsoft.com/claims/authnmethodsreferences"><AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/pass
word</AttributeValue><AttributeValue>http://schemas.microsoft.com/claims/multipleauthn</AttributeValue></Attribute><Attribute Name="http://sch
emas.microsoft.com/ws/2008/06/identity/claims/wids"><AttributeValue>XXX-3ef9-4689-8143-XXX</AttributeValue></Attribute><Attribut
e Name="username"><AttributeValue>XXXXXX</AttributeValue></Attribute><Attribute Name="group"><AttributeValue>XXX-XXX-4
dfc-b321-XXX</AttributeValue><AttributeValue>XXX</AttributeValue></Attribute><Attribute Name="givenn
ame"><AttributeValue>XXX</AttributeValue></Attribute><Attribute Name="name"><AttributeValue>XXXXXX</AttributeValue></Attrib
ute><Attribute Name="surname"><AttributeValue>XXX</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant="2024-08-17T10:
07:46.433Z" SessionIndex="XXX-89ff-XXX-XXX-XXX"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Pa
ssword</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></Assertion><NidAndSessionIndex ProviderID="https://sts.windows.net/5
f03c446-XXX-XXX-XXX-XXX/" AssertionID="XXX-89ff-XXX-XXX-XXX" SessionIndex="XXX-89ff-XXX-XXX-XXX"
>
<saml:XXX xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:XXX-format:emailAddress">XXX
XXX</saml:XXX>
</NidAndSessionIndex>
</Session>
***********************
__samld_sp_login_resp [892]:
**** SP Login Dump ****
<lasso:Login xmlns:lasso="http://www.entrouvert.org/namespaces/lasso/0.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:o
asis:names:tc:SAML:2.0:assertion" LoginDumpVersion="2"><lasso:Request><samlp:AuthnRequest ID="_D241BED1D068ED26DF88E08DB7A4BD37" Version="2.0"
IssueInstant="2024-08-17T10:06:47Z" Destination="https://login.microsoftonline.com/XXX-XXX-XXX-XXX-XXX/saml2" SignType="0" S
ignMethod="0" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceUR
L="https://XXXXXX:10443/remote/saml/login"><saml:Issuer>https://XXXXXX:10443/remote/saml/metadata</saml:Issuer><sa
mlp:XXXPolicy Format="urn:oasis:names:tc:SAML:1.1:XXX-format:unspecified" AllowCreate="true"/></samlp:AuthnRequest></lasso:Request><lass
o:Response><samlp:Response ID="_492f149d-919d-4748-89f2-c9a140XXXXXX" InResponseTo="_D241BED1D068ED26DF88E08DB7A4BD37" Version="2.0" IssueInst
ant="2024-08-17T10:07:46.470Z" Destination="https://XXXXXX:10443/remote/saml/login" SignType="0" SignMethod="0"><saml:Issuer>htt
ps://sts.windows.net/XXX-XXX-XXX-XXX-XXX/</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:sta
tus:Success"/></samlp:Status><Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="XXX-89ff-XXX-XXX-XXX" IssueInstant=
"2024-08-17T10:07:46.467Z" Version="2.0"><Issuer>https://sts.windows.net/XXX-XXX-XXX-XXX-XXX/</Issuer><Signature xmlns="http:
//www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algor
ithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><Reference URI="#XXX-89ff-XXX-XXX-XXX"><Transforms><Transform Algor
ithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><Di
gestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>BCVK3e1y0yXXXej8x8HBjFGZK/oqM=</DigestValue></Refer
ence></SignedInfo><SignatureValue>cP7sURpEFBxyMDP3UhVIzSJb2iCzUBhvSJkuM1Y0rDTeW3+QP/jTZsj4K5kcTVANhMEmLqTDKkImFXXXslA7P
2ImJnyHS+eOzp/4v321rN/N1AmoCB+54FExSL17qx7dW7BXYGxzyZBqwyMHV6KqYJObNpAZkkToISd0WC2neGvOn77CLmAk/YK0ixt34i9KM/OsD8AJQQPumorc4fP0Oq/vo6pubDSOb8L
iTK+L0yMGKhwaw8rUy8gc6okLCDM5lTeAxlTIZqMKEl905ics57YGIZOUUsgxJfJh4eQbvW/YZdErgJ5KizNLHn03wUA==</SignatureValue><KeyInfo><X509Data><X509Certifi
cate>MXXXajANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeF
w0yNDA3XXXKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8
AMIIBCgKCAQXXXRq+4oq/qtHVnuqvV3BhvVLLXLZ8XXXsCmHDx6WYENh3kYCri4wSQsjzO+Mc9g46+sNxLYs51GDFmF2cu
1oSPxEp+yOOIlFyP00x7poyemrJaXXXUysWNS7xCFRTgHTbA8RdP1CVAfKOFg2YJPqX+jvMwhzc0BghXIcAwerW
kFesR+apDDkrWLujo1vYiuYVu/Tp8GBXXXIb3DQEBCwUAA4IBAQB4E+cFCO0G8SYKcX/JVw3+cnhktKHc0gwXhA6tb
dLIXlHuzhEdD1OxdB+P4bfzCqFExDfZKeTG0YUIPCcyD49vrY0i7m5w6d/hKF1Y+U8nE1/79FclnMtnR6XXXb3oOQ6Z4IoF85JQ4vwtRaSP8S5RHMetio8r
ChBLVsnq9ZkZ8P980MnEmdRh8zOWuQSGKgXXXX9mWxhCRrkAHd3ISuq4VRN+bzPzOEsuDXLXffChGgUTY1H6iyEC5ed/UHqM0T0vM/AzOgOKPsB1IfP
ZIY5l4nWAXtkAvoF/Bl</X509Certificate></X509Data></KeyInfo></Signature><Subject><XXX Format="urn:oasis:names:tc:SAML:1.1:XXX-format:email
Address">XXXXXX</XXX><SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><SubjectConfirmationData InRespo
nseTo="_D241BED1D068ED26DF88E08DB7A4BD37" NotOnOrAfter="2024-08-17T11:07:46.375Z" Recipient="https://XXXXXX:10443/remote/saml/lo
gin"/></SubjectConfirmation></Subject><Conditions NotBefore="2024-08-17T10:02:46.375Z" NotOnOrAfter="2024-08-17T11:07:46.375Z"><AudienceRestri
ction><Audience>https://XXXXXX:10443/remote/saml/metadata</Audience></AudienceRestriction></Conditions><AttributeStatement><Attr
ibute Name="http://schemas.microsoft.com/identity/claims/tenantid"><AttributeValue>XXX-XXX-XXX-XXX-XXX</AttributeValue></Attr
ibute><Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier"><AttributeValue>XXX-8085-XXX-a148-XXX</At
tributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/identity/claims/identityprovider"><AttributeValue>https://sts.windows.n
et/XXX-XXX-XXX-XXX-XXX/</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/claims/authnmethodsreferenc
es"><AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password</AttributeValue><AttributeValue>http://sche
mas.microsoft.com/claims/multipleauthn</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/wi
ds"><AttributeValue>XXX-3ef9-4689-8143-XXX</AttributeValue></Attribute><Attribute Name="username"><AttributeValue>XXX
XXX</AttributeValue></Attribute><Attribute Name="group"><AttributeValue>XXX</AttributeValue><Attribute
Value>XXX</AttributeValue></Attribute><Attribute Name="givenname"><AttributeValue>XXX</AttributeValue></Attr
ibute><Attribute Name="name"><AttributeValue>XXXXXX</AttributeValue></Attribute><Attribute Name="surname"><AttributeValue>XXX
</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant="2024-08-17T10:07:46.433Z" SessionIndex="XXX-89ff-XXX-b8
54-XXX"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef></AuthnContext></Au
thnStatement></Assertion></samlp:Response></lasso:Response><lasso:XXXentifier><saml:XXX Format="urn:oasis:names:tc:SAML:1.1:XXX-forma
t:emailAddress">XXXXXX</saml:XXX></lasso:XXXentifier><lasso:RemoteProviderID>https://sts.windows.net/XXX-XXX-486
5-XXX-XXX/</lasso:RemoteProviderID><lasso:MsgUrl>https://login.microsoftonline.com/XXX-XXX-XXX-XXX-XXX/saml2?SAMLRe
quest=lZJNj5swEIb%2FCvIdMOAQaiWRknVWjbRt0SbtoZfKMUPWEtjXXX%2BZR%2Fg6AvroW98Z5PPFmozOcCtRIzeyB%2BRe8eP23QPP
E8oHZ71VtiMvIq8nJCI4r60h0UGsyReRs2y3F5mgZbUXeSnuq2pPK7FbbtlOFEsSfQKHoX9NQjyEEEc4GPTS%2BFCiOYtpFWfLU0Y5LTlbfiaRCAzaSD%2BnnrwfkKdpZy%2FaJL1WzqJt
XXX%2FxclDSdyHIS3VunYHa1Jq3sEKaJ6gClr%2FC7Uv%2B0stOm0ebyupDzrQn529OpjusPxxOJtr8k3VmDYw%2FuCO6qFXx8fPgDdB
1MIh3gxQGYCSTxzzyjjBWpg956mGe%2BcZPNajrw2Z7b%2FOcTPXjZSC9XXXX4u84%2B3zmQPsj0bgSSbm6f%2Fr2gmx
8%3D&amp;RelayState=magic%3D1-7484aebXXXXXXXX&amp;SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&amp;Signature=jpi5bS
5%2FKSKVEebEaGld%2FP%2B6knQefItypUvCNquhti0cUePyCR7ujypexCZ%2BRVluaFp%2FjbDE8ifx95FNx6woCjPNLp81D00PlctQt9FAuVIykK88p3ee1fxQHI%2F26Hp9DrIVFm%2
F0IMXXXUL5sDAhFXXXB1IG9m4E6GVC56z%2FInhf1r%2Byk2hRGy7g%2Fe2pqywfy5H8
dub%2BCEdSxyVg810HjIMOpOXXXOIPp6lvPnVhf7h7bJ1gGP1Rvug%3D%3D</lasso:MsgUrl><lasso:MsgRelayState>magic=1-7484aeb10c0e
1b53</lasso:MsgRelayState><lasso:HttpRequestMethod>4</lasso:HttpRequestMethod><lasso:RequestID>_D241BED1D068ED26DF88E08DB7A4BD37</lasso:Reques
tID></lasso:Login>
***********************
__samld_sp_login_resp [894]:
__samld_sp_create_logout_req [956]:
SP Session Dump
<Session xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="2"><Assertion RemoteProviderID="https://sts.windows.net/XXX-XXX
-XXX-XXX-XXX/"><Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_2c8
61144-89ff-XXX-XXX-XXX" IssueInstant="2024-08-17T10:07:46.467Z" Version="2.0"><Issuer>https://sts.windows.net/XXX-XXX-XXX-9a
4c-XXX/</Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.or
g/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><Reference URI="#XXX-89ff-XXX
-XXX-XXX"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www
.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>BCVK3e1y0ywyZxJmP
vy7q6LEqTrej8x8HBjFGZK/oqM=</DigestValue></Reference></SignedInfo><SignatureValue>cP7sURpEFBxyMDP3UhVIzSJb2iCzUBhvSJkuM1Y0rDTeW3+QP/jTZsj4K5kc
TVANhMEmLqTDKkImFXXXslA7P2ImJnyHS+eOzp/4v321rN/N1AmoCB+54FExSL17qx7dW7BXYGxzyZBqwyMHV6KqYJObNpAZkkToISd0WC2neGvOn77CLmA
k/YK0ixt34i9KM/OsD8AJQQPumorc4fP0Oq/vo6pubDSOb8LiTK+L0yMGKhwaw8rUy8gc6okLCDM5lTeAxlTIZqMKEl905ics57YGIZOUUsgxJfJh4eQbvW/YZdErgJ5KizNLHn03wUA==
</SignatureValue><KeyInfo><X509Data><X509Certificate>MXXXajANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZ
nQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yNDA3XXXKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1N
PIENlcnRpZmljYXRlMIIBIjAXXXKCAQXXXRq+4oq/qtHVnuqvV3BhvVLLXLZ8XXXsC
mHDx6WYENh3kYCri4wSQsjzO+Mc9g46+sNxLYs51GDFmF2cu1oSPxEp+yOOIlFyP00x7poyemrJaXXXUysWNS7x
CFRTgHTbA8RdP1CVAfKOFg2YJPqX+jvMwhzc0BghXIcAXXXl6sr2yuFFUhQIDAQABMA0GCSqGSIb3DQEBC
wUAA4IBAQB4E+cFCO0G8SYKcX/JVw3+cnhktKHc0gwXhA6tbdLIXlHuzhEdD1OxdB+P4bfzCqFExDfZKeTG0YUIPCcyD49vrY0i7m5w6d/hKF1Y+U8nE1/79FclnMtnR6pPD+6TDe7B1Sf
s9MAGHwU39V9vb3oOQ6Z4IoF85JQ4vwtRaSPXXXnEmdRh8zOWuQSGKgXXXX9mWxhCRrkAHd3ISuq4VRN+bzPzOEs
uDXLXffChGgUTY1H6iyEC5ed/UHqM0T0vM/AXXXXtkAvoF/Bl</X509Certificate></X509Data></KeyInfo></Signature><Subject><XXX Format=
"urn:oasis:names:tc:SAML:1.1:XXX-format:emailAddress">XXXXXX</XXX><SubjectConfirmation Method="urn:oasis:names:tc:SAML
:2.0:cm:bearer"><SubjectConfirmationData InResponseTo="_D241BED1D068ED26DF88E08DB7A4BD37" NotOnOrAfter="2024-08-17T11:__samld_sp_create_logout
_req [1008]:
**** SP Logout request ****
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_DAF3D8AC746CE1
7ACBB580EF3E932A19" Version="2.0" IssueInstant="2024-08-17T10:07:46Z" Destination="https://login.microsoftonline.com/XXX-XXX-XXX-XXX-b
c43bfdXXX/saml2" SignType="0" SignMethod="0"><saml:Issuer>https://XXXXXX:10443/remote/saml/metadata</saml:Issuer><saml:XXX
Format="urn:oasis:names:tc:SAML:1.1:XXX-format:emailAddress">XXXXXX</saml:XXX><samlp:SessionIndex>XXX-89ff-XXX-
XXX-XXX</samlp:SessionIndex>
</samlp:LogoutRequest>
***********************
__samld_sp_create_logout_req [1013]:
samld_send_common_reply [114]: Code: 0, id: 47970, data_len: 15059
samld_send_common_reply [122]: Attr: 14, 7694, <lasso:Login xmlns:lasso="http://www.entrouvert.org/namespaces/lasso/0.0" xmlns:samlp="urn:
oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" LoginDumpVersion="2"><lasso:Request><samlp:AuthnRequest I
D="_D241BED1D068ED26DF88E08DB7A4BD37" Version="2.0" IssueInstant="2024-08-17T10:06:47Z" Destination="https://login.microsoftonline.com/5f03c44
6-XXX-XXX-XXX-XXX/saml2" SignType="0" SignMethod="0" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML
:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://XXXXXX:10443/remote/saml/login"><saml:Issuer>https://XXXeen
.com.tw:10443/remote/saml/metadata</saml:Issuer><samlp:XXXPolicy Format="urn:oasis:names:tc:SAML:1.1:XXX-format:unspecified" AllowCreate
="true"/></samlp:AuthnRequest></lasso:Request><lasso:Response><samlp:Response ID="_492f149d-919d-4748-89f2-c9a140XXXXXX" InResponseTo="_D241BE
D1D068ED26DF88E08DB7A4BD37" Version="2.0" IssueInstant="2024-08-17T10:07:46.470Z" Destination="https://XXXXXX:10443/remote/saml/
login" SignType="0" SignMethod="0"><saml:Issuer>https://sts.windows.net/XXX-XXX-XXX-XXX-XXX/</saml:Issuer><samlp:Status><saml
p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_
2c861144-89ff-XXX-XXX-XXX" IssueInstant="2024-08-17T10:07:46.467Z" Version="2.0"><Issuer>https://sts.windows.net/XXX-XXX-XXX
-XXX-XXX/</Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3
.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><Reference URI="#XXX-89ff-4
35e-XXX-XXX"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://
www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>BCVK3e1y0ywyZx
JmPvy7q6LEqTrej8x8HBjFGZK/oqM=</DigestValue></Reference></SignedInfo><SignatureValue>cP7sURpEFBxyMDP3UhVIzSJb2iCzUBhvSJkuM1Y0rDTeW3+QP/jTZsj4K
5kcTVANhMEmLqTDKkImFXXXslA7P2ImJnyHS+eOzp/4v321rN/N1AmoCB+54FExSL17qx7dW7BXYGxzyZBqwyMHV6KqYJObNpAZkkToISd0WC2neGvOn77C
LmAk/YK0ixt34i9KM/OsD8AJQQPumorc4fP0Oq/vo6pubDSOb8LiTK+L0yMGKhwaw8rUy8gc6okLCDM5lTeAxlTIZqMKEl905ics57YGIZOUUsgxJfJh4eQbvW/YZdErgJ5KizNLHn03wU
A==</SignatureValue><KeyInfo><X509Data><X509Certificate>MXXXajANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3
NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yNDA3XXXKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQg
U1NPIENlcnRpZmljYXRlMIIBIjAXXXKCAQXXXRq+4oq/qtHVnuqvV3BhvVLLXLZ8Rh8z20g3TwoW1TzORbT5t0jNrE4t8D2gKpI+YQ
bsCmHDx6WYENh3kYCri4wSQsjzO+Mc9g46+sNxLYs51GDFmF2cu1oSPxEp+yOOIlFyP00x7poyemrJaXXXUysWN
S7xCFRTgHTbA8RdP1CVAfKOFg2YJPqX+jvMwhzc0BghXIcAXXXl6sr2yuFFUhQIDAQABMA0GCSqGSIb3DQ
EBCwUAA4IBAQB4E+cFCO0G8SYKcX/JVw3+cnhktKHc0gwXhA6tbdLIXlHuzhEdD1OxdB+P4bfzCqFExDfZKeTG0YUIPCcyD49vrY0i7m5w6d/hKF1Y+U8nE1/79FclnMtnR6pPD+6TDe7B
1Sfs9MAGHwU39V9vb3oOQ6Z4IoF85JQ4vwtRaSPXXXnEmdRh8zOWuQSGKgXXXX9mWxhCRrkAHd3ISuq4VRN+bzPz
OEsuDXLXffChGgUTY1H6iyEC5ed/UHqM0T0vM/AXXXXtkAvoF/Bl</X509Certificate></X509Data></KeyInfo></Signature><Subject><XXX Form
at="urn:oasis:names:tc:SAML:1.1:XXX-format:emailAddress">XXXXXX</XXX><SubjectConfirmation Method="urn:oasis:names:tc:S
AML:2.0:cm:bearer"><SubjectConfirmationData InResponseTo="_D241BED1D068ED26DF88E08DB7A4BD37" NotOnOrAfter="2024-08-17T11:07:46.375Z" Recipient
="https://XXXXXX:10443/remote/saml/login"/></SubjectConfirmation></Subject><Conditions NotBefore="2024-08-17T10:02:46.375Z" NotO
nOrAfter="2024-08-17T11:07:46.375Z"><AudienceRestriction><Audience>https://XXXXXX:10443/remote/saml/metadata</Audience></Audienc
eRestriction></Conditions><AttributeStatement><Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid"><AttributeValue>XXX
-XXX-XXX-XXX-XXX</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier"><Attr
ibuteValue>XXX-8085-XXX-a148-XXX</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/identity/claims/iden
tityprovider"><AttributeValue>https://sts.windows.net/XXX-XXX-XXX-XXX-XXX/</AttributeValue></Attribute><Attribute Name="http:
//schemas.microsoft.com/claims/authnmethodsreferences"><AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/p
assword</AttributeValue><AttributeValue>http://schemas.microsoft.com/claims/multipleauthn</AttributeValue></Attribute><Attribute Name="http://
schemas.microsoft.com/ws/2008/06/identity/claims/wids"><AttributeValue>XXX-3ef9-4689-8143-XXX</AttributeValue></Attribute><Attri
bute Name="username"><AttributeValue>XXXXXX</AttributeValue></Attribute><Attribute Name="group"><AttributeValue>XXX-a19
8-4dfc-b321-XXX</AttributeValue><AttributeValue>XXX</AttributeValue></Attribute><Attribute Name="giv
enname"><AttributeValue>XXX</AttributeValue></Attribute><Attribute Name="name"><AttributeValue>XXXXXX</AttributeValue></Att
ribute><Attribute Name="surname"><AttributeValue>XXX</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant="2024-08-17T
10:07:46.433Z" SessionIndex="XXX-89ff-XXX-XXX-XXX"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes
:Password</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response></lasso:Response><lasso:XXXentifier><saml:Name
ID Format="urn:oasis:names:tc:SAML:1.1:XXX-format:emailAddress">XXXXXX</saml:XXX></lasso:XXXentifier><lasso:RemoteP
roviderID>https://sts.windows.net/XXX-XXX-XXX-XXX-XXX/</lasso:RemoteProviderID><lasso:MsgUrl>https://login.microsoftonline.co
m/XXX-XXX-XXX-XXX-XXX/saml2?SAMLRequest=lZJNj5swEIb%2FCvIdMOAQaiWRknVWjbRt0SbtoZfKMUPWEtjUY7Ltv68h%2FdgeulKPHs9rz%2FNoVij7buD
b0T%2BZR%2Fg6AvroW98Z5PPXXXoHZ71VtiMvIq8nJCI4r60h0UGsyReRs2y3F5mgZbUXeSnuq2pPK7FbbtlOFEsSfQKHoX9NQjyEEEc4GPTS%2BFCiO
YtpFWfLU0Y5LTlbfiaRCAzaSD%2BnnrwfkKdpZy%2FaJL1WzqJtXXX%2FxclDSdyHIS3VunYHa1Jq3sEKaJ6gClr%2FC7Uv%2B0stOm0
ebyupDzrQn529OpjusPxxOXXXCSTxzzyjjBWpg956mGe%2BcZPNajrw2Z7b%2FOcTPXjZSC9X6ctHVrfFeR%2BIDqK2nVbfJz299P8GzpJ
srugmbudWPhocQOlWQxO4u84%2B3zmQPsj0bgSSbm6f%2Fr2gmx8%3D&amp;RelayState=magic%3D1-7484aebXXXXXXXX&amp;SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F
04%2Fxmldsig-more%23rsa-sha256&amp;Signature=jpi5bS5%2FKSKVEebEaGld%2FP%2B6knQefItypUvCNquhti0cUePyCR7ujypexCZ%2BRVluaFp%2FjbDE8ifx95FNx6woCjP
NLp81D00PlctQt9FAuVIykK88p3ee1fxQHI%2F26Hp9DrIVFm%2F0IMXXXUL5sDAhFKN%2FNuGMUWRJnN8NJiF7wm9ILbGkAbqBv3TD7R2233nAMfB48OVNP8Q954vDMg%2B
RB1IG9m4E6GVC56z%2FInhf1r%2Byk2hRGy7g%2Fe2pqywfy5H8dub%2BCEdSxyVg810HjIMOpOXXXOIPp6lvPnVhf7h7bJ1gGP1Rvug%3D%3D</las
so:MsgUrl><lasso:MsgRelayState>magic=1-7484aebXXXXXXXX</lasso:MsgRelayState><lasso:HttpRequestMethod>4</lasso:HttpRequestMethod><lasso:Reques
tID>_D241BED1D068ED26DF88E08DB7A4BD37</lasso:RequestID></lasso:Login>
samld_send_common_reply [122]: Attr: 13, 5321, <Session xmlns="http://www.entrouvert.org/namespaces/lasso/0.0" Version="2"><Assertion Remo
teProviderID="https://sts.windows.net/XXX-XXX-XXX-XXX-XXX/"><Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:sa
mlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="XXX-89ff-XXX-XXX-XXX" IssueInstant="2024-08-17T10:07:46.467Z" Version="2.0"><I
ssuer>https://sts.windows.net/XXX-XXX-XXX-XXX-XXX/</Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-mor
e#rsa-sha256"/><Reference URI="#XXX-89ff-XXX-XXX-XXX"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#env
eloped-signature"/><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/200
1/04/xmlenc#sha256"/><DigestValue>BCVK3e1y0yXXXej8x8HBjFGZK/oqM=</DigestValue></Reference></SignedInfo><SignatureValue>cP7sURpEF
BxyMDP3UhVIzSJb2iCzUBhvSJkuM1Y0rDTeW3+QP/jTZsj4K5kcTVANhMEmLqTDKkImFXXXslA7P2ImJnyHS+eOzp/4v321rN/N1AmoCB+54FExSL17qx7d
W7BXYGxzyZBqwyMHV6KqYJObNpAZkkToISd0WC2neGvOn77CLmAk/YK0ixt34i9KM/OsD8AJQQPumorc4fP0Oq/vo6pubDSOb8LiTK+L0yMGKhwaw8rUy8gc6okLCDM5lTeAxlTIZqMKEl
905ics57YGIZOUUsgxJfJh4eQbvW/YZdErgJ5KizNLHn03wUA==</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIC8DCCAdigAwIBAgIQKjniKdR1U5FDfe5bk6
ZtajANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yNDA3MDkwNTE5MzNaFw0yNzA3MDkwNTE5MzNaMDQx
MjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjAXXXKCAQXXXRq+4oq/qtHVnuqvV3
BhvVLLXLZ8XXXsCmHDx6WYENh3kYCri4wSQsjzO+Mc9g46+sNxLYs51GDFmF2cu1oSPxEp+yOOIlFyP00x7poyemrJaZqC/M2AN4YA2Jd0
2YsdD0zNAcUEKYqNTj9k7Q+gLmXXXNS7xCFRTgHTbA8RdP1CVAfKOFg2YJPqX+jvMwhzc0BghXIcAwerWkFesR+apDDkrWLujo1vYiuYVu/Tp8GBlG5Fslx9Ljfk
ucMFbhDZkTmubZ+8l6sr2yuFFUhQIDAQABMA0GXXXFCO0G8SYKcX/JVw3+cnhktKHc0gwXhA6tbdLIXlHuzhEdD1OxdB+P4bfzCqFExDfZKeTG0YUIPCcy
D49vrY0i7m5w6d/hKF1Y+U8nE1/79FclnMtnR6XXXb3oOQ6Z4IoF85JQ4vwtRaSPXXXnEmdRh8zOWuQSGKgdq/93Ft3W
UwuJrG1PKzjQLI1w/XNKAX9mWxhCRrkAHd3ISuq4VRN+bzPzOEsuDXLXffChGgUTY1H6iyEC5ed/UHqM0T0vM/AXXXXtkAvoF/Bl</X509Certificate></X509
Data></KeyInfo></Signature><Subject><XXX Format="urn:oasis:names:tc:SAML:1.1:XXX-format:emailAddress">XXXXXX</XXX><
SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><SubjectConfirmationData InResponseTo="_D241BED1D068ED26DF88E08DB7A4BD37" N
otOnOrAfter="2024-08-17T11:07:46.375Z" Recipient="https://XXXXXX:10443/remote/saml/login"/></SubjectConfirmation></Subject><Cond
itions NotBefore="2024-08-17T10:02:46.375Z" NotOnOrAfter="2024-08-17T11:07:46.375Z"><AudienceRestriction><Audience>https://XXXXXXm.t
w:10443/remote/saml/metadata</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name="http://schemas.microsoft.com/id
entity/claims/tenantid"><AttributeValue>XXX-XXX-XXX-XXX-XXX</AttributeValue></Attribute><Attribute Name="http://schemas.micro
soft.com/identity/claims/objectidentifier"><AttributeValue>XXX-8085-XXX-a148-XXX</AttributeValue></Attribute><Attribute Name="h
ttp://schemas.microsoft.com/identity/claims/identityprovider"><AttributeValue>https://sts.windows.net/XXX-XXX-XXX-XXX-XXX/</A
ttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/claims/authnmethodsreferences"><AttributeValue>http://schemas.microsof
t.com/ws/2008/06/identity/authenticationmethod/password</AttributeValue><AttributeValue>http://schemas.microsoft.com/claims/multipleauthn</Att
ributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/wids"><AttributeValue>XXX-3ef9-4689-8143
-XXX</AttributeValue></Attribute><Attribute Name="username"><AttributeValue>XXXXXX</AttributeValue></Attribute><Att
ribute Name="group"><AttributeValue>XXX</AttributeValue><AttributeValue>XXX<
/AttributeValue></Attribute><Attribute Name="givenname"><AttributeValue>XXX</AttributeValue></Attribute><Attribute Name="name"><AttributeValu
e>XXXXXX</AttributeValue></Attribute><Attribute Name="surname"><AttributeValue>XXX</AttributeValue></Attribute></AttributeSta
tement><AuthnStatement AuthnInstant="2024-08-17T10:07:46.433Z" SessionIndex="XXX-89ff-XXX-XXX-XXX"><AuthnContext><AuthnContex
tClassRef>urn:oasis:names:tc:SAMLsamld_send_common_reply [118]: Attr: 10, 103, 'http://schemas.microsoft.com/identity/claims/objectidentif
ier' 'XXX-8085-XXX-a148-XXX'
samld_send_common_reply [118]: Attr: 10, 128, 'http://schemas.microsoft.com/identity/claims/identityprovider' 'https://sts.windows.net/5f0
3c446-XXX-XXX-XXX-XXX/'
samld_send_common_reply [118]: Attr: 10, 142, 'http://schemas.microsoft.com/claims/authnmethodsreferences' 'http://schemas.microsoft.com/w
s/2008/06/identity/authenticationmethod/password'
samld_send_common_reply [118]: Attr: 10, 113, 'http://schemas.microsoft.com/claims/authnmethodsreferences' 'http://schemas.microsoft.com/c
laims/multipleauthn'
samld_send_common_reply [118]: Attr: 10, 102, 'http://schemas.microsoft.com/ws/2008/06/identity/claims/wids' 'XXX-3ef9-4689-8143-76b1
94e85509'
samld_send_common_reply [118]: Attr: 10, 38, 'username' 'XXXXXX'
samld_send_common_reply [118]: Attr: 10, 47, 'group' 'XXX'
samld_send_common_reply [118]: Attr: 10, 47, 'group' 'XXX'
samld_send_common_reply [118]: Attr: 10, 21, 'givenname' 'XXX'
samld_send_common_reply [118]: Attr: 10, 34, 'name' 'XXXXXX'
samld_send_common_reply [118]: Attr: 10, 16, 'surname' 'XXX'
samld_send_common_reply [122]: Attr: 11, 1113, https://login.microsoftonline.com/XXX-XXX-XXX-XXX-XXX/saml2?SAMLRequest=fZ
JPb%2BMgEMXv%2Byks7thg8J%2BgxKobJ1Kk7h42qx56qbA9Ti0Z8AJp%2B%2FGXOK3UrdSeQMP83pt5Yu2kmmZxZ07m7H%2FD3zM4H72qSTuxvGzQ2WphpBud0FKBE74Tx%2FrnnUhjIm
ZrvOnMhD4g3xPSObB%2BNBpFh2aDHpt6z5qy3hY83%2B5oUW9vb7OS7PZst2JpTVcougfrQv8GBTxAzp3hoJ2X2ocSSTkmJabFH0oEKQTPH1DUhB1GLf1CPXk%2FO5EkkzmNOlZjZ40zgz
d6GjXXXXtqhT1uWk%2BSyWYqq9eUUyxC2epd%2BnnUsLbiTBdAXydi%2FCEo4Z4kFZTwsdKLAy156uU4%2BilwVf4WgDk20N1ZJ%2F3WCNKZLZezxsL
QKUHKc6r4P9g5VfZ1TmqY3nxxxuDCznuFwNA%2BYsA9yWGQ83KmkBwFpCrjKfyB%2Fv1f%2F%2BUPUP&RelayState=magic%3D1-7484aebXXXXXXXX&S
igAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=Uv0msD9MnVJ5UnixekPf8ZL73wasGZ3di5czKrwS12cxGBqxxFVirYd%2FYMTruJdj81N
ub2tQ6eShN%2Fu6D54jeJE0kro4NRchxxxxx1IfcKbVTT3dieF167NTqmx9aJI0bUGvMW54PaiQ70Mm7hdAp%2BIt7%2FarL%2BJo%2F1iKAcv1a272xFojt73e
v%2BdHAk8gdTjAxOphOlJh%2Fem%2B%2FOgrsW9%2B3Wed4b5ionN%2BsYMGzfatlUEW%2BtQF9vjXv0DTcqtmXO9KZpZIErbLdyFcVD3yBLXDJSzzYP3AvNzmQxDKnyWaKvByhExFJvzX
kY9oTXrWnCnLhmzJg%3D%3D
[1864:root:bb62]stmt: http://schemas.microsoft.com/identity/claims/tenantid
[1864:root:bb62]stmt: http://schemas.microsoft.com/identity/claims/objectidentifier
[1864:root:bb62]stmt: http://schemas.microsoft.com/identity/claims/identityprovider
[1864:root:bb62]stmt: http://schemas.microsoft.com/claims/authnmethodsreferences
[1864:root:bb62]stmt: http://schemas.microsoft.com/claims/authnmethodsreferences
[1864:root:bb62]stmt: http://schemas.microsoft.com/ws/2008/06/identity/claims/wids
[1864:root:bb62]stmt: username
[1864:root:bb62]fsv_saml_login_response:481 Got saml username: XXXXXX.
[1864:root:bb62]stmt: group
[1864:root:bb62]fsv_saml_login_response:493 Got group username: XXX.
[1864:root:bb62]stmt: group
[1864:root:bb62]fsv_saml_login_response:493 Got group username: XXX.
[1864:root:bb62]stmt: givenname
[1864:root:bb62]stmt: name
[1864:root:bb62]stmt: surname
[1864:root:bb62]sslvpn_auth_check_usrgroup:2978 forming user/group list from policy.
[1864:root:bb62]sslvpn_auth_check_usrgroup:3024 got user (0) group (3:1).
[1864:root:bb62]sslvpn_validate_user_group_list:1890 validating with SSL VPN authentication rules (2), realm ((null)).
[1864:root:bb62]sslvpn_validate_user_group_list:1975 checking rule 1 cipher.
[1864:root:bb62]sslvpn_validate_user_group_list:1983 checking rule 1 realm.
[1864:root:bb62]sslvpn_validate_user_group_list:1994 checking rule 1 source intf.
[1864:root:bb62]sslvpn_validate_user_group_list:2033 checking rule 1 vd source intf.
[1864:root:bb62]sslvpn_validate_user_group_list:2526 rule 1 done, got user (0:0) group (1:0) peer group (0).
[1864:root:bb62]sslvpn_validate_user_group_list:1975 checking rule 2 cipher.
[1864:root:bb62]sslvpn_validate_user_group_list:1983 checking rule 2 realm.
[1864:root:bb62]sslvpn_validate_user_group_list:1994 checking rule 2 source intf.
[1864:root:bb62]sslvpn_validate_user_group_list:2526 rule 2 done, got user (0:0) group (2:0) peer group (0).
[1864:root:bb62]sslvpn_validate_user_group_list:2534 got user (0:0) group (2:0) peer group (0).
[1864:root:bb62]sslvpn_validate_user_group_list:2876 got user (0:0), group (3:0) peer group (1).
[1864:root:bb62]sslvpn_update_user_group_list:1735 cert peer check failed, ignore peer user group(s) which has set user-peer in auth rules
[1864:root:bb62]sslvpn_update_user_group_list:1793 got user (0:0), group (3:0), peer group (1) after update.
[1864:root:bb62]fsv_saml_auth_group:329 find a remote match group: XXX, portal: tunnel-access, group: sslvpn_
Azure.
[1864:root:bb62]fsv_saml_auth_group:356 saml client cert: 0.
[1864:root:bb62]fsv_saml_auth_group:362 add saml group info name.
[1864:root:bb62]fsv_saml_auth_group:374 store remote saml groups (2) received from: azure.
[1864:root:bb62]fsv_saml_auth_group:380 store remote saml group[0]: XXX.
[1864:root:bb62]fsv_saml_auth_group:380 store remote saml group[1]: XXX.
[1864:root:bb62]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Ed
g/127.0.0.0
[1864:root:bb62]rmt_web_session_create:1209 create web session, idx[0]
[1864:root:bb62]User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Ed
g/127.0.0.0
[1864:root:bb62]deconstruct_session_id:709 decode session id ok, user=[XXXXXX], group=[sslvpn_Azure],authserver=[azure],port
al=[tunnel-access],host[XX.XX.XX.XX],realm=[],csrf_token=[99F94765C3DCADCB2C58BDF12BC6F60],idx=0,auth=256,sid=XXX,login=1723889266,acces
s=1723889266,saml_logout_url=yes,pip=no,grp_info=[ikAQ4a],rmt_grp_info=[7rTxX9]
[1864:root:bb62]deconstruct_session_id:709 decode session id ok, user=[XXXXXX], group=[sslvpn_Azure],authserver=[azure],port
al=[tunnel-access],host[XX.XX.XX.XX],realm=[],csrf_token=[99F94765C3DCADCB2C58BDF12BC6F60],idx=0,auth=256,sid=XXX,login=1723889266,acces
s=1723889266,saml_logout_url=yes,pip=no,grp_info=[ikAQ4a],rmt_grp_info=[7rTxX9]
[1864:root:bb62]deconstruct_session_id:709 decode session id ok, user=[XXXXXX], group=[sslvpn_Azure],authserver=[azure],port
al=[tunnel-access],host[XX.XX.XX.XX],realm=[],csrf_token=[99F94765C3DCADCB2C58BDF12BC6F60],idx=0,auth=256,sid=XXX,login=1723889266,acces
s=1723889266,saml_logout_url=yes,pip=no,grp_info=[ikAQ4a],rmt_grp_info=[7rTxX9]
[1864:root:bb62]req: /sslvpn/portal.html
[1864:root:bb62]mza: 0x2f65b08 /sslvpn/portal.html
[1864:root:bb62]rmt_web_auth_info_parser_common:492 no session id in auth info
[1864:root:bb62]rmt_web_access_check:760 access failed, uri=[/sslvpn/portal.html],ret=4103,
[1864:root:bb62]sslvpn_read_request_common,865, ret=-1 error=-1, sconn=0x7f87f56a00.
[1864:root:bb62]Destroy sconn 0x7f87f56a00, connSize=0. (root)
[1864:root:bb62]SSL state:warning close notify (XX.XX.XX.XX)
[1865:root:bb59]sslvpn_read_request_common,865, ret=-1 error=-1, sconn=0x7f87f57800.
[1865:root:bb59]Destroy sconn 0x7f87f57800, connSize=0. (root)
[1865:root:bb59]SSL state:warning close notify (XX.XX.XX.XX)

 

 

 

490
0 Kudos
5 REPLIES 5
lgupta
Staff
Staff

Created on ‎08-18-2024 08:08 AM

Hello Jason1683416, Good day!


Could you please confirm which browser you are using for authentication? FortiClient in-build or external browser.
Please try to switch to the other or try using FortiClient 7.2.4.0972 to see if that helps.

Thank you!

Best regards,

-lgupta



If you feel the above steps helped to resolve the issue mark the reply as solved so that other customers can get it easily while searching on similar scenarios.
467
0 Kudos
Jason1683416
New Contributor II
In response to lgupta

Created on ‎08-19-2024 06:28 AM

Hi,
I am currently testing FortiClient VPN version 7.2.4, and everything seems to be working smoothly with the internal browser. Please give me some time to see if the same issue occurs.

385
lgupta
Staff
Staff
In response to Jason1683416

Created on ‎08-20-2024 06:56 PM

Hello Jason1683416, Good day!'

If you have found a solution, please like and accept it to make it easily accessible to others.

Thank you!

 

Best regards,

-lgupta



If you feel the above steps helped to resolve the issue mark the reply as solved so that other customers can get it easily while searching on similar scenarios.
337
0 Kudos
ap
Staff
Staff

Created on ‎08-18-2024 11:22 AM

Hi @Jason1683416 ,

 

After narrowing down whether issue occurs with internal browser or external browser, you can refer below additional steps also:

 

I will suggest to try Forticlient v7.2.3 and see if the issue still perisists or not (as suggested by below KB article):

https://community.fortinet.com/t5/Internal-Knowledge-Base-Articles/Troubleshooting-Tip-FortiClient-V...

 

If you are using licensed version of Forticlient, I will suggest to collect debug level logs and create support ticket with our Forticlient team:

https://community.fortinet.com/t5/FortiClient/Technical-Tip-How-to-generate-and-export-Debug-logs-fr...

 

Regards,

Ankit

If you have found a solution, please like and accept it to make it easily accessible to others.

449
0 Kudos
Jason1683416
New Contributor II
In response to ap

Created on ‎08-19-2024 06:24 AM

Hi

Unfortunately, I am unable to preview this link because I do not have the necessary permissions.

I will suggest to try Forticlient v7.2.3 and see if the issue still perisists or not (as suggested by below KB article):

URL...

The original issue with version 7.4.0 was related to using the internal browser. However, after downgrading Forticlient VPN to version 7.2.4, the problem seems to have disappeared. I will continue to observe and test to confirm. However, when I try using an external browser with version 7.2.4, a completely different error occurs: the connect button is grayed out, Forticlient shows 'Connecting' with no progress percentage, and the window is completely frozen."

386
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.