Description | This article describes how to resolve SAML login failures where the SAML tracer shows the error 'InResponseToField of the Response doesn't correspond to sent message'. |
Scope | This specifically affects environments with an on-premises FortiEDR Central Manager as an SP and FortiAuthenticator as an IDP. |
Solution |
The principal (the end user's browser) makes a request to the service provider (SP). The service provider then requests authentication from the identity provider (IDP). The identity provider sends a SAML response with an assertion to the service provider, and the service provider can then send a response to the principal. If the principal (the user) was not already logged in, the identity provider may prompt them to log in before sending a SAML assertion.
Because of this workflow, the initial request to the SP and the SP metadata uploaded to the IDP must use the same format: either both use the IP address or both use the FQDN.
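One way to check this condition, as an added example that is not part of the original article or Fortinet's code: it compares the host the browser used with the hosts in the SP metadata, and reads the AuthnRequest ID and the Response InResponseTo from SAML tracer captures. The hostnames, URL paths and XML samples are constructed placeholders, and `check_flow` and `host_kind` are hypothetical names.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

def host_kind(host):
    """Classify a host as 'ip' or 'fqdn'."""
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        return "fqdn"

def check_flow(browser_url, sp_metadata, authn_request, response):
    """Return findings for one login attempt; an empty list means consistent."""
    findings = []
    used = urlsplit(browser_url).hostname
    root = ET.fromstring(sp_metadata)  # parse only your own captures here
    urls = [root.get("entityID")]
    urls += [a.get("Location") for a in root.iter(MD + "AssertionConsumerService")]
    for url in urls:
        host = urlsplit(url or "").hostname
        if host and host != used:
            findings.append(f"browser used {host_kind(used)} {used}, "
                            f"SP metadata has {host_kind(host)} {host} ({url})")
    req_id = ET.fromstring(authn_request).get("ID")
    in_resp = ET.fromstring(response).get("InResponseTo")
    if req_id != in_resp:
        findings.append(f"InResponseTo {in_resp} != AuthnRequest ID {req_id}")
    return findings

# Constructed sample: user browsed to the IP, metadata was exported with the FQDN.
# Paths and hostnames are placeholders, not FortiEDR's real endpoints.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://edr.example.com/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://edr.example.com/saml/SSO"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
AUTHN_REQUEST = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
                 'ID="_req1" Version="2.0"/>')
RESPONSE = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'ID="_resp1" InResponseTo="_req1" Version="2.0"/>')

if __name__ == "__main__":
    for line in check_flow("https://192.0.2.10/", SP_METADATA, AUTHN_REQUEST, RESPONSE):
        print(line)
```

Paste the decoded AuthnRequest and Response from the SAML tracer in place of the samples; an empty result means the browser URL and the metadata agree and the IDs match.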
If there are still any issues during the installation, open a new technical support ticket for further assistance: Fortinet Support. |
Copyright 2024 Fortinet, Inc. All Rights Reserved.