FortiAuthenticator
FortiAuthenticator provides access management and single sign on.
kiri
Staff
Article Id 276882
Description: This article describes why changing the port in the SAML IDP General settings is not supported.
Scope: FortiAuthenticator.
Solution

The default SAML IDP port 443 cannot be changed on FortiAuthenticator (FAC), because the FAC web server only listens on 443.

The Incoming Ports section of the FortiAuthenticator documentation lists SAML as TCP/443.


Even if it is attempted as below, by specifying a port number in the SAML IDP General settings and pointing the SP at that port, it is not supported:


[Image: Screenshot 2023-09-30 213018.png]


config user saml
    edit "facid-fgt"
        # SP (FortiGate) side: the FortiGate itself serves SAML on port 44444
        set entity-id "http://fgt.local:44444/remote/saml/metadata/"
        set single-sign-on-url "https://fgt.local:44444/remote/saml/login"
        set single-logout-url "https://fgt.local:44444/remote/saml/logout"
        # IDP side: port 1443 is not supported, the IDP only answers on TCP/443
        set idp-entity-id "http://abcdefg.fortitrustid.forticloud.com:1443/saml-idp/luizi/metadata/"
        set idp-single-sign-on-url "https://abcdefg.fortitrustid.forticloud.com:1443/saml-idp/luizi/login/"
        set idp-single-logout-url "https://abcdefg.fortitrustid.forticloud.com:1443/saml-idp/luizi/logout/"
        set idp-cert "REMOTE_Cert_2"
        set user-name "Username"
        set digest-method sha1
    next
end


The redirect from the SP to the IDP times out, and the request is never logged on the FortiAuthenticator, because nothing is listening on the custom port.
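A quick configuration check for this failure mode, added here as an example and not part of the article or of Fortinet's tooling: it parses a FortiGate "config user saml" block and flags any IDP endpoint URL that names a port other than 443. The sample block and the host name fac.example.com are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# FortiAuthenticator serves its SAML IDP only on TCP/443, so an
# idp-*-url that names any other port will never be answered.
FAC_SAML_PORT = 443

# Constructed sample modelled on the article's block, with the
# unsupported port 1443 in the IDP endpoint URLs (hypothetical host).
SAMPLE_CONFIG = """\
config user saml
    edit "facid-fgt"
        set entity-id "http://fgt.local:44444/remote/saml/metadata/"
        set single-sign-on-url "https://fgt.local:44444/remote/saml/login"
        set idp-entity-id "http://fac.example.com:1443/saml-idp/luizi/metadata/"
        set idp-single-sign-on-url "https://fac.example.com:1443/saml-idp/luizi/login/"
        set idp-single-logout-url "https://fac.example.com:1443/saml-idp/luizi/logout/"
        set digest-method sha1
    next
end
"""

# Matches the quoted form:  set <key> "<value>"
SET_RE = re.compile(r'^\s*set\s+(\S+)\s+"([^"]*)"\s*$')

def parse_saml_settings(config: str) -> dict:
    """Collect the quoted 'set key "value"' lines of a user saml entry."""
    settings = {}
    for line in config.splitlines():
        m = SET_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def find_unsupported_idp_ports(config: str) -> list:
    """Return (key, port) for every idp-*-url endpoint not on port 443.

    Only endpoint URLs are checked; idp-entity-id is an identifier, not
    a listener. A URL with no explicit port implies 443 for https and
    80 for http, so an http endpoint without a port is flagged too.
    """
    findings = []
    for key, value in parse_saml_settings(config).items():
        if not (key.startswith("idp-") and key.endswith("-url")):
            continue
        url = urlsplit(value)
        port = url.port if url.port is not None else (443 if url.scheme == "https" else 80)
        if port != FAC_SAML_PORT:
            findings.append((key, port))
    return findings

if __name__ == "__main__":
    for key, port in find_unsupported_idp_ports(SAMPLE_CONFIG):
        print(f"{key}: port {port} is not served by FortiAuthenticator")
```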


[Image: Screenshot 2023-09-30 215118.png]