- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
WSSO FortiAuthenticator and Fortigate without FortiAP
Dear All
I'm using FortiAuthenticator as Radius and Fortigate as Internet sharing.
I need to allow some group on FortiAuthenticator to use the internet without web login, just Wifi single sign on. If success login on Wifi then Internet automatically active.
Here is the reference that I use.
The problem is I cannot use the reference with other brand such as tp-link, Dlink, mikrotik or other brand.
On the reference is use FortiAP.
I have tried many time, but always failed, when success login with Wifi then automatically appear login form on browser.
Is there anyone here have a experience to use WSSO without FortiAP.
Please let me know, if anybody can help me.
Regards,
Heri
- Labels:
-
FortiAuthenticator v5.5
-
FortiGate
- « Previous
-
- 1
- 2
- Next »
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear Graham
I've just tested with local group and LDAP group, but still doesn't work.
I think this is because I still use Firewall Group on Fortigate. Firewall user group provide access to firewall policies that require authentication. I must use FSSO or RSSO to use Single Sign on through Wifi.
If you have a reference, please let me know.
Best Regards,
Heri
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes of course... sorry this won't work without a FortiAP since the FortiAP would use the FortiGate as the RADIUS client. Right now you have a different AP acting as RADIUS client so that attributes are not being sent to the FortiGate. Sorry for misleading you!
In this case I think the best thing to do is configure RSSO: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/85730/radius-single-sign-on-rsso-agent
Graham
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear Graham
Thank you for your information.
Is it possible if we using Different AP with WIndows NPS and fortigate.
Can we implement WSSO with this configure.
Should we use FortiAP also with this alternative.
Regards,
Heri
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Unfortunately WSSO requires FortiAP as that is the only way to make Fortigate the RADIUS client which then allows it to receive the RADIUS attributes. Changing RADIUS to NPS will not help.
You should consider RSSO as posted above.
or you could look at doing FSSO too…
Graham
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear Graham
Thank you for your suggestion.
Best Regards,
Heri

- « Previous
-
- 1
- 2
- Next »