Hello Evryone,
We are facing a strange issue with our azure saml authetification for vpn users.
The issue is on web mode as well as Forticlient.
The issue is that users are not redirected to azure login page.
->vpn works with local users
->single sign on button appears on web mode (Policy must be ok)
->when we enable debug for samld there is only 1 output :__samld_sp_create_auth_req [447]: SAML SP algo: 0 -> lasso=1. Binding Method: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
->When we test on azure (Assertion consumer service URL) we get invalid http request
->on web mode when we click on single sign on we are not redirected to azure and we get ERR_EMPTY_RESPONSE
We have checked multiple times if there was any syntax mismatch between idp and sp but there are none 3 fortinet support engineers also checked
We are running out of ideas.
Did anyone faced this issue ?
Any suggestion is welcome !
Thanks in advance
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @miki360,
Do you have a ticket opened? If yes, what is the ticket number?
We need to doublecheck the configuration, please provide output of the following commands:
# show full user saml
# show full vpn ssl setting
Please also provide screenshots of Azure configurations.
Regards,
Hi @miki360,
Do you have a ticket opened? If yes, what is the ticket number?
We need to doublecheck the configuration, please provide output of the following commands:
# show full user saml
# show full vpn ssl setting
Please also provide screenshots of Azure configurations.
Regards,
Hello,
Yes we have opened a case and after checking the issue was resolved by disabling sdp certificate. The certificate was generated using the FW ca but we did not get the reason what was wrong with the certificate.
d you check the below document to find any mismatch : https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/fortigate-ssl-vpn-tutorial
Also posting 4 docs which can help you :
Hi there,
This issue usually happen when there is a mismatch in IDP or SP URLs addresses between the FortiGate and Microsoft Azure Single Sign-On page. Can you please verify that information and refer to this document for more detail:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Invalid-HTTP-Request-while-using-sso-login...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1647 | |
1070 | |
751 | |
443 | |
214 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.