Dear forum,

I am unable to implement successful SAML authentication using azure entra ID for fortigate/forticlient vpn.

Fortigate 200F v7.2.10
FortiClient 7.4.0.1658
Azure/Entra ID for SAML Authentication
VPN Phase 1/2 settings working correctly (confirmed with local auth).

Any guidance would be greatly appreciated.

Logs:

Parkside-Core-FW1 # diagnose debug reset

Parkside-Core-FW1 # diagnose debug application ike -1
Debug messages will be on for 30 minutes.

Parkside-Core-FW1 # diagnose debug application fnbamd -1
Debug messages will be on for 30 minutes.

Parkside-Core-FW1 # diagnose debug enable

Parkside-Core-FW1 # [2579] handle_req-Rcvd auth cache message
[132] __saml_auth_cache_push-Auth cache created, user='F23484CE-7E30-4530-8175-C0754B374085', SAML_server='saml-entra-id', vfid=0
[139] __saml_auth_cache_push-Hash bucket 157
[3438] fsm_initialize-Sent ACCT-ON
[2085] fnbamd_cfg_init-
[468] fnbamd_add_ca_hash-new ca 'ACCVRAIZ1', subject '/CN=ACCVRAIZ1/OU=PKIACCV/O=ACCV/C=ES', vfid -1
[468] fnbamd_add_ca_hash-new ca 'AC_RAIZ_FNMT-RCM', subject '/C=ES/O=FNMT-RCM/OU=AC RAIZ FNMT-RCM', vfid -1
[468] fnbamd_add_ca_hash-new ca 'AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS', subject '/C=ES/O=FNMT-RCM/OU=Ceres/organizationIdentifier=VATES-Q2826004J/CN=AC RAIZ FNMT-RCM SE
RVIDORES SEGUROS', vfid -1
[468] fnbamd_add_ca_hash-new ca 'ANF_Secure_Server_Root_CA', subject '/serialNumber=G63287510/C=ES/O=ANF Autoridad de Certificacion/OU=ANF CA Raiz/CN=ANF Secure Server
Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Actalis_Authentication_Root_CA', subject '/C=IT/L=Milan/O=Actalis S.p.A.\/03358520967/CN=Actalis Authentication Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'AffirmTrust_Commercial', subject '/C=US/O=AffirmTrust/CN=AffirmTrust Commercial', vfid -1
[468] fnbamd_add_ca_hash-new ca 'AffirmTrust_Networking', subject '/C=US/O=AffirmTrust/CN=AffirmTrust Networking', vfid -1
[468] fnbamd_add_ca_hash-new ca 'AffirmTrust_Premium', subject '/C=US/O=AffirmTrust/CN=AffirmTrust Premium', vfid -1
[468] fnbamd_add_ca_hash-new ca 'AffirmTrust_Premium_ECC', subject '/C=US/O=AffirmTrust/CN=AffirmTrust Premium ECC', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Amazon_Root_CA_1', subject '/C=US/O=Amazon/CN=Amazon Root CA 1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Amazon_Root_CA_2', subject '/C=US/O=Amazon/CN=Amazon Root CA 2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Amazon_Root_CA_3', subject '/C=US/O=Amazon/CN=Amazon Root CA 3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Amazon_Root_CA_4', subject '/C=US/O=Amazon/CN=Amazon Root CA 4', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Atos_TrustedRoot_2011', subject '/CN=Atos TrustedRoot 2011/O=Atos/C=DE', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Atos_TrustedRoot_Root_CA_ECC_TLS_2021', subject '/CN=Atos TrustedRoot Root CA ECC TLS 2021/O=Atos/C=DE', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Atos_TrustedRoot_Root_CA_RSA_TLS_2021', subject '/CN=Atos TrustedRoot Root CA RSA TLS 2021/O=Atos/C=DE', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068_-_V1', subject '/C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62
634068', vfid -1
[468] fnbamd_add_ca_hash-new ca 'BJCA_Global_Root_CA1', subject '/C=CN/O=BEIJING CERTIFICATE AUTHORITY/CN=BJCA Global Root CA1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'BJCA_Global_Root_CA2', subject '/C=CN/O=BEIJING CERTIFICATE AUTHORITY/CN=BJCA Global Root CA2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Baltimore_CyberTrust_Root', subject '/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Buypass_Class_2_Root_CA', subject '/C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Buypass_Class_3_Root_CA', subject '/C=NO/O=Buypass AS-983163327/CN=Buypass Class 3 Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'CA_Disig_Root_R2', subject '/C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig Root R2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'CFCA_EV_ROOT', subject '/C=CN/O=China Financial Certification Authority/CN=CFCA EV ROOT', vfid -1
[468] fnbamd_add_ca_hash-new ca 'COMODO_Certification_Authority', subject '/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Certification Authority'
, vfid -1
[468] fnbamd_add_ca_hash-new ca 'COMODO_ECC_Certification_Authority', subject '/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Au
thority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'COMODO_RSA_Certification_Authority', subject '/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Au
thority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Certainly_Root_E1', subject '/C=US/O=Certainly/CN=Certainly Root E1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Certainly_Root_R1', subject '/C=US/O=Certainly/CN=Certainly Root R1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Certigna', subject '/C=FR/O=Dhimyotis/CN=Certigna', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Certigna_Root_CA', subject '/C=FR/O=Dhimyotis/OU=0002 48146308100036/CN=Certigna Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Certum_EC-384_CA', subject '/C=PL/O=Asseco Data Systems S.A./OU=Certum Certification Authority/CN=Certum EC-384 CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Certum_Trusted_Network_CA', subject '/C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA'
, vfid -1
[468] fnbamd_add_ca_hash-new ca 'Certum_Trusted_Network_CA_2', subject '/C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network C
A 2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Certum_Trusted_Root_CA', subject '/C=PL/O=Asseco Data Systems S.A./OU=Certum Certification Authority/CN=Certum Trusted Root CA', vfid
-1
[468] fnbamd_add_ca_hash-new ca 'CommScope_Public_Trust_ECC_Root-01', subject '/C=US/O=CommScope/CN=CommScope Public Trust ECC Root-01', vfid -1
[468] fnbamd_add_ca_hash-new ca 'CommScope_Public_Trust_ECC_Root-02', subject '/C=US/O=CommScope/CN=CommScope Public Trust ECC Root-02', vfid -1
[468] fnbamd_add_ca_hash-new ca 'CommScope_Public_Trust_RSA_Root-01', subject '/C=US/O=CommScope/CN=CommScope Public Trust RSA Root-01', vfid -1
[468] fnbamd_add_ca_hash-new ca 'CommScope_Public_Trust_RSA_Root-02', subject '/C=US/O=CommScope/CN=CommScope Public Trust RSA Root-02', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Comodo_AAA_Services_root', subject '/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services', vfid -1
[468] fnbamd_add_ca_hash-new ca 'D-TRUST_BR_Root_CA_1_2020', subject '/C=DE/O=D-Trust GmbH/CN=D-TRUST BR Root CA 1 2020', vfid -1
[468] fnbamd_add_ca_hash-new ca 'D-TRUST_EV_Root_CA_1_2020', subject '/C=DE/O=D-Trust GmbH/CN=D-TRUST EV Root CA 1 2020', vfid -1
[468] fnbamd_add_ca_hash-new ca 'D-TRUST_Root_Class_3_CA_2_2009', subject '/C=DE/O=D-Trust GmbH/CN=D-TRUST Root Class 3 CA 2 2009', vfid -1
[468] fnbamd_add_ca_hash-new ca 'D-TRUST_Root_Class_3_CA_2_EV_2009', subject '/C=DE/O=D-Trust GmbH/CN=D-TRUST Root Class 3 CA 2 EV 2009', vfid -1
[468] fnbamd_add_ca_hash-new ca 'DigiCert_Assured_ID_Root_CA', subject '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'DigiCert_Assured_ID_Root_G2', subject '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root G2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'DigiCert_Assured_ID_Root_G3', subject '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root G3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'DigiCert_Global_Root_CA', subject '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'DigiCert_Global_Root_G2', subject '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'DigiCert_Global_Root_G3', subject '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'DigiCert_High_Assurance_EV_Root_CA', subject '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'DigiCert_TLS_ECC_P384_Root_G5', subject '/C=US/O=DigiCert, Inc./CN=DigiCert TLS ECC P384 Root G5', vfid -1
[468] fnbamd_add_ca_hash-new ca 'DigiCert_TLS_RSA4096_Root_G5', subject '/C=US/O=DigiCert, Inc./CN=DigiCert TLS RSA4096 Root G5', vfid -1
[468] fnbamd_add_ca_hash-new ca 'DigiCert_Trusted_Root_G4', subject '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Entrust.net_Premium_2048_Secure_Server_CA', subject '/O=Entrust.net/OU=www.entrust.net\/CPS_2048 incorp. by ref. (limits liab.)/OU=(c)
1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Entrust_Root_Certification_Authority', subject '/C=US/O=Entrust, Inc./OU=www.entrust.net\/CPS is incorporated by reference/OU=(c) 2006
Entrust, Inc./CN=Entrust Root Certification Authority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Entrust_Root_Certification_Authority_-_EC1', subject '/C=US/O=Entrust, Inc./OU=See www.entrust.net\/legal-terms/OU=(c) 2012 Entrust, I
nc. - for authorized use only/CN=Entrust Root Certification Authority - EC1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Entrust_Root_Certification_Authority_-_G2', subject '/C=US/O=Entrust, Inc./OU=See www.entrust.net\/legal-terms/OU=(c) 2009 Entrust, In
c. - for authorized use only/CN=Entrust Root Certification Authority - G2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Entrust_Root_Certification_Authority_-_G4', subject '/C=US/O=Entrust, Inc./OU=See www.entrust.net\/legal-terms/OU=(c) 2015 Entrust, In
c. - for authorized use only/CN=Entrust Root Certification Authority - G4', vfid -1
[468] fnbamd_add_ca_hash-new ca 'FIRMAPROFESIONAL_CA_ROOT-A_WEB', subject '/C=ES/O=Firmaprofesional SA/organizationIdentifier=VATES-A62634068/CN=FIRMAPROFESIONAL CA RO
OT-A WEB', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Fortinet_CA', subject '/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-ca2/emailAddress=support@fortin
et.com', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Fortinet_CA_Backup', subject '/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fort
inet.com', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Fortinet_Sub_CA', subject '/C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-subca2001/emailAddress=supp
ort@fortinet.com', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Fortinet_Wifi_CA', subject '/C=US/O=DigiCert Inc/CN=DigiCert TLS RSA SHA256 2020 CA1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GDCA_TrustAUTH_R5_ROOT', subject '/C=CN/O=GUANG DONG CERTIFICATE AUTHORITY CO.,LTD./CN=GDCA TrustAUTH R5 ROOT', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GTS_Root_R1_-_V1', subject '/C=US/O=Google Trust Services LLC/CN=GTS Root R1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GTS_Root_R2_-_V1', subject '/C=US/O=Google Trust Services LLC/CN=GTS Root R2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GTS_Root_R3_-_V1', subject '/C=US/O=Google Trust Services LLC/CN=GTS Root R3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GTS_Root_R4_-_V1', subject '/C=US/O=Google Trust Services LLC/CN=GTS Root R4', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GlobalSign_ECC_Root_CA_-_R4_-_V1', subject '/OU=GlobalSign ECC Root CA - R4/O=GlobalSign/CN=GlobalSign', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GlobalSign_ECC_Root_CA_-_R5', subject '/OU=GlobalSign ECC Root CA - R5/O=GlobalSign/CN=GlobalSign', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GlobalSign_Root_CA', subject '/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GlobalSign_Root_CA_-_R3', subject '/OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GlobalSign_Root_CA_-_R6', subject '/OU=GlobalSign Root CA - R6/O=GlobalSign/CN=GlobalSign', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GlobalSign_Root_E46', subject '/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Root E46', vfid -1
[468] fnbamd_add_ca_hash-new ca 'GlobalSign_Root_R46', subject '/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Root R46', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Go_Daddy_Class_2_CA', subject '/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Go_Daddy_Root_Certificate_Authority_-_G2', subject '/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Aut
hority - G2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'HARICA_TLS_ECC_Root_CA_2021', subject '/C=GR/O=Hellenic Academic and Research Institutions CA/CN=HARICA TLS ECC Root CA 2021', vfid -1
[468] fnbamd_add_ca_hash-new ca 'HARICA_TLS_RSA_Root_CA_2021', subject '/C=GR/O=Hellenic Academic and Research Institutions CA/CN=HARICA TLS RSA Root CA 2021', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015', subject '/C=GR/L=Athens/O=Hellenic Academic and Research Institutions Ce
rt. Authority/CN=Hellenic Academic and Research Institutions ECC RootCA 2015', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Hellenic_Academic_and_Research_Institutions_RootCA_2015', subject '/C=GR/L=Athens/O=Hellenic Academic and Research Institutions Cert.
Authority/CN=Hellenic Academic and Research Institutions RootCA 2015', vfid -1
[468] fnbamd_add_ca_hash-new ca 'HiPKI_Root_CA_-_G1', subject '/C=TW/O=Chunghwa Telecom Co., Ltd./CN=HiPKI Root CA - G1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Hongkong_Post_Root_CA_3', subject '/C=HK/ST=Hong Kong/L=Hong Kong/O=Hongkong Post/CN=Hongkong Post Root CA 3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'ISRG_Root_X1', subject '/C=US/O=Internet Security Research Group/CN=ISRG Root X1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'ISRG_Root_X2', subject '/C=US/O=Internet Security Research Group/CN=ISRG Root X2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'IdenTrust_Commercial_Root_CA_1', subject '/C=US/O=IdenTrust/CN=IdenTrust Commercial Root CA 1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'IdenTrust_Public_Sector_Root_CA_1', subject '/C=US/O=IdenTrust/CN=IdenTrust Public Sector Root CA 1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Izenpe.com', subject '/C=ES/O=IZENPE S.A./CN=Izenpe.com', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Microsec_e-Szigno_Root_CA_2009', subject '/C=HU/L=Budapest/O=Microsec Ltd./CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szign
o.hu', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Microsoft_ECC_Root_Certificate_Authority_2017', subject '/C=US/O=Microsoft Corporation/CN=Microsoft ECC Root Certificate Authority 201
7', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Microsoft_RSA_Root_Certificate_Authority_2017', subject '/C=US/O=Microsoft Corporation/CN=Microsoft RSA Root Certificate Authority 201
7', vfid -1
[468] fnbamd_add_ca_hash-new ca 'NAVER_Global_Root_Certification_Authority', subject '/C=KR/O=NAVER BUSINESS PLATFORM Corp./CN=NAVER Global Root Certification Authorit
y', vfid -1
[468] fnbamd_add_ca_hash-new ca 'NetLock_Arany_Class_Gold_Főtanúsítvány', subject '/C=HU/L=Budapest/O=NetLock Kft./OU=Tan\xC3\xBAs\xC3\xADtv\xC3\xA1nykiad\xC3\xB3k (Ce
rtification Services)/CN=NetLock Arany (Class Gold) F\xC5\x91tan\xC3\xBAs\xC3\xADtv\xC3\xA1ny', vfid -1
[468] fnbamd_add_ca_hash-new ca 'OISTE_WISeKey_Global_Root_GB_CA', subject '/C=CH/O=WISeKey/OU=OISTE Foundation Endorsed/CN=OISTE WISeKey Global Root GB CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'OISTE_WISeKey_Global_Root_GC_CA', subject '/C=CH/O=WISeKey/OU=OISTE Foundation Endorsed/CN=OISTE WISeKey Global Root GC CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'QuoVadis_Root_CA_1_G3', subject '/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 1 G3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'QuoVadis_Root_CA_2', subject '/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'QuoVadis_Root_CA_2_G3', subject '/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2 G3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'QuoVadis_Root_CA_3', subject '/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'QuoVadis_Root_CA_3_G3', subject '/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3 G3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SSL.com_EV_Root_Certification_Authority_ECC', subject '/C=US/ST=Texas/L=Houston/O=SSL Corporation/CN=SSL.com EV Root Certification Aut
hority ECC', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SSL.com_EV_Root_Certification_Authority_RSA_R2', subject '/C=US/ST=Texas/L=Houston/O=SSL Corporation/CN=SSL.com EV Root Certification
Authority RSA R2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SSL.com_Root_Certification_Authority_ECC', subject '/C=US/ST=Texas/L=Houston/O=SSL Corporation/CN=SSL.com Root Certification Authority
ECC', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SSL.com_Root_Certification_Authority_RSA', subject '/C=US/ST=Texas/L=Houston/O=SSL Corporation/CN=SSL.com Root Certification Authority
RSA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SSL.com_TLS_ECC_Root_CA_2022', subject '/C=US/O=SSL Corporation/CN=SSL.com TLS ECC Root CA 2022', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SSL.com_TLS_RSA_Root_CA_2022', subject '/C=US/O=SSL Corporation/CN=SSL.com TLS RSA Root CA 2022', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SZAFIR_ROOT_CA2', subject '/C=PL/O=Krajowa Izba Rozliczeniowa S.A./CN=SZAFIR ROOT CA2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Sectigo_Public_Server_Authentication_Root_E46', subject '/C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication Root E46', vf
id -1
[468] fnbamd_add_ca_hash-new ca 'Sectigo_Public_Server_Authentication_Root_R46', subject '/C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication Root R46', vf
id -1
[468] fnbamd_add_ca_hash-new ca 'SecureSign_RootCA11', subject '/C=JP/O=Japan Certification Services, Inc./CN=SecureSign RootCA11', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SecureSign_Root_CA12', subject '/C=JP/O=Cybertrust Japan Co., Ltd./CN=SecureSign Root CA12', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SecureSign_Root_CA14', subject '/C=JP/O=Cybertrust Japan Co., Ltd./CN=SecureSign Root CA14', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SecureSign_Root_CA15', subject '/C=JP/O=Cybertrust Japan Co., Ltd./CN=SecureSign Root CA15', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SecureTrust_CA', subject '/C=US/O=SecureTrust Corporation/CN=SecureTrust CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Secure_Global_CA', subject '/C=US/O=SecureTrust Corporation/CN=Secure Global CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Security_Communication_ECC_RootCA1', subject '/C=JP/O=SECOM Trust Systems CO.,LTD./CN=Security Communication ECC RootCA1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Security_Communication_RootCA2', subject '/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Security_Communication_RootCA3', subject '/C=JP/O=SECOM Trust Systems CO.,LTD./CN=Security Communication RootCA3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Starfield_Class_2_CA', subject '/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Starfield_Root_Certificate_Authority_-_G2', subject '/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Root Ce
rtificate Authority - G2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Starfield_Services_Root_Certificate_Authority_-_G2', subject '/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfiel
d Services Root Certificate Authority - G2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SwissSign_Gold_CA_-_G2', subject '/C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'SwissSign_Silver_CA_-_G2', subject '/C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'T-TeleSec_GlobalRoot_Class_2', subject '/C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot C
lass 2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'T-TeleSec_GlobalRoot_Class_3', subject '/C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot C
lass 3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1', subject '/C=TR/L=Gebze - Kocaeli/O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - T
UBITAK/OU=Kamu Sertifikasyon Merkezi - Kamu SM/CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'TWCA_CYBER_Root_CA', subject '/C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA CYBER Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'TWCA_Global_Root_CA', subject '/C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Global Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'TWCA_Root_Certification_Authority', subject '/C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Root Certification Authority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Telekom_Security_TLS_ECC_Root_2020', subject '/C=DE/O=Deutsche Telekom Security GmbH/CN=Telekom Security TLS ECC Root 2020', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Telekom_Security_TLS_RSA_Root_2023', subject '/C=DE/O=Deutsche Telekom Security GmbH/CN=Telekom Security TLS RSA Root 2023', vfid -1
[468] fnbamd_add_ca_hash-new ca 'TeliaSonera_Root_CA_v1', subject '/O=TeliaSonera/CN=TeliaSonera Root CA v1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Telia_Root_CA_v2', subject '/C=FI/O=Telia Finland Oyj/CN=Telia Root CA v2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'TrustAsia_Global_Root_CA_G3', subject '/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia Global Root CA G3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'TrustAsia_Global_Root_CA_G4', subject '/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia Global Root CA G4', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Trustwave_Global_Certification_Authority', subject '/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global Certifi
cation Authority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Trustwave_Global_ECC_P256_Certification_Authority', subject '/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Globa
l ECC P256 Certification Authority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'Trustwave_Global_ECC_P384_Certification_Authority', subject '/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Globa
l ECC P384 Certification Authority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'TunTrust_Root_CA', subject '/C=TN/O=Agence Nationale de Certification Electronique/CN=TunTrust Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'UCA_Extended_Validation_Root', subject '/C=CN/O=UniTrust/CN=UCA Extended Validation Root', vfid -1
[468] fnbamd_add_ca_hash-new ca 'UCA_Global_G2_Root', subject '/C=CN/O=UniTrust/CN=UCA Global G2 Root', vfid -1
[468] fnbamd_add_ca_hash-new ca 'USERTrust_ECC_Certification_Authority', subject '/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certificat
ion Authority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'USERTrust_RSA_Certification_Authority', subject '/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certificat
ion Authority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'XRamp_Global_CA_Root', subject '/C=US/OU=www.xrampsecurity.com/O=XRamp Security Services Inc/CN=XRamp Global Certification Authority',
vfid -1
[468] fnbamd_add_ca_hash-new ca 'certSIGN_ROOT_CA', subject '/C=RO/O=certSIGN/OU=certSIGN ROOT CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'certSIGN_Root_CA_G2', subject '/C=RO/O=CERTSIGN SA/OU=certSIGN ROOT CA G2', vfid -1
[468] fnbamd_add_ca_hash-new ca 'e-Szigno_Root_CA_2017', subject '/C=HU/L=Budapest/O=Microsec Ltd./organizationIdentifier=VATHU-23584497/CN=e-Szigno Root CA 2017', vfi
d -1
[468] fnbamd_add_ca_hash-new ca 'ePKI_Root_Certification_Authority', subject '/C=TW/O=Chunghwa Telecom Co., Ltd./OU=ePKI Root Certification Authority', vfid -1
[468] fnbamd_add_ca_hash-new ca 'emSign_ECC_Root_CA_-_C3', subject '/C=US/OU=emSign PKI/O=eMudhra Inc/CN=emSign ECC Root CA - C3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'emSign_ECC_Root_CA_-_G3', subject '/C=IN/OU=emSign PKI/O=eMudhra Technologies Limited/CN=emSign ECC Root CA - G3', vfid -1
[468] fnbamd_add_ca_hash-new ca 'emSign_Root_CA_-_C1', subject '/C=US/OU=emSign PKI/O=eMudhra Inc/CN=emSign Root CA - C1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'emSign_Root_CA_-_G1', subject '/C=IN/OU=emSign PKI/O=eMudhra Technologies Limited/CN=emSign Root CA - G1', vfid -1
[468] fnbamd_add_ca_hash-new ca 'root_CA2', subject '/O=Fortinet Ltd./CN=Fortinet', vfid -1
[468] fnbamd_add_ca_hash-new ca 'vTrus_ECC_Root_CA', subject '/C=CN/O=iTrusChina Co.,Ltd./CN=vTrus ECC Root CA', vfid -1
[468] fnbamd_add_ca_hash-new ca 'vTrus_Root_CA', subject '/C=CN/O=iTrusChina Co.,Ltd./CN=vTrus Root CA', vfid -1
[63] fnbamd_local_crl_hash_init-
[1898] fnbamd_cfg_vdom_add-VDOM 'root' is created.
[2528] fnbamd_peer_user_create-Peer users are created, vfid=0, total=0
[1947] fnbamd_cfg_update_vpn_setting-VDOM 'root'
[2549] handle_req-Rcvd 4 req
[179] fnbamd_acct_start_ACCT_ON-No radius acct to notify
[1482] create_acct_session-Nothing to do for acct type 4
[2562] handle_req-Error creating acct session 4
ike 0: cache rebuild done
ike 0:94d706af889b0a4a/0000000000000000:1663: matched proposal id 1
ike 0:94d706af889b0a4a/0000000000000000:1663: proposal id = 1:
ike 0:94d706af889b0a4a/0000000000000000:1663: protocol = IKEv2:
ike 0:94d706af889b0a4a/0000000000000000:1663: encapsulation = IKEv2/none
ike 0:94d706af889b0a4a/0000000000000000:1663: type=ENCR, val=AES_CBC (key_len = 256)
ike 0:94d706af889b0a4a/0000000000000000:1663: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
ike 0:94d706af889b0a4a/0000000000000000:1663: type=PRF, val=PRF_HMAC_SHA2_256
ike 0:94d706af889b0a4a/0000000000000000:1663: type=DH_GROUP, val=MODP2048.
ike 0:94d706af889b0a4a/0000000000000000:1663: lifetime=86400
ike 0:94d706af889b0a4a/0000000000000000:1663: SA proposal chosen, matched gateway AZURE_SAML
ike 0:AZURE_SAML: created connection: 0x8923180 8 120.151.50.38->49.178.109.28:11534.
ike 0:AZURE_SAML:1663: processing notify type NAT_DETECTION_SOURCE_IP
ike 0:AZURE_SAML:1663: processing NAT-D payload
ike 0:AZURE_SAML:1663: NAT detected: PEER
ike 0:AZURE_SAML:1663: process NAT-D
ike 0:AZURE_SAML:1663: processing notify type NAT_DETECTION_DESTINATION_IP
ike 0:AZURE_SAML:1663: processing NAT-D payload
ike 0:AZURE_SAML:1663: NAT detected: PEER
ike 0:AZURE_SAML:1663: process NAT-D
ike 0:AZURE_SAML:1663: processing notify type FRAGMENTATION_SUPPORTED
[1939] handle_req-Rcvd auth req 860162668 for F23484CE-7E30-4530-8175-C0754B374085 in SAML-ENTRA-ID opt=00000000 prot=8
[489] __compose_group_list_from_req-Group 'SAML-ENTRA-ID', type 1
[616] fnbamd_pop3_start-F23484CE-7E30-4530-8175-C0754B374085
[2282] fnbamd_user_ldap_create-LDAP servers are created, vfid=0, total=2
[378] radius_start-Didn't find radius servers (0)
[765] auth_tac_plus_start-Didn't find tac_plus servers (0)
[1009] __fnbamd_cfg_get_ldap_list_by_group-
[1117] fnbamd_cfg_get_ldap_list-Total ldap servers to try: 0
[497] ldap_start-Didn't find ldap servers
[480] fnbamd_cfg_get_ext_idp_list-
[454] __fnbamd_cfg_get_ext_idp_list_by_group-
[460] __fnbamd_cfg_get_ext_idp_list_by_group-Group 'SAML-ENTRA-ID'
[490] fnbamd_cfg_get_ext_idp_list-Total external identity provider servers to try: 0
[643] create_auth_session-Error starting authentication
[1086] fnbamd_ext_idps_destroy-
[1980] handle_req-r=5
[1988] handle_req-Error starting session
[209] fnbamd_comm_send_result-Sending result 5 (nid 0) for req 860162668, len=2540
[2485] handle_req-Rcvd abort req for 860162668
[2500] handle_req-Can't abort, no active req 860162668
[2570] peer_user_cn_dns_refresh-
[3391] __peer_user_cn_dns_refresh-Refresh in 1800 secs