Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
rpmadathil_FTNT
Staff
Staff

Created on ‎03-20-2019 08:27 AM Edited on ‎06-30-2023 12:41 AM By Moderator

Article Id 196633

Technical Tip: Integration of single sign on and local authentication for explicit proxy users

Description

 

This article explains how to integrate single sign-on and local authentication for explicit proxy users.


Solution

 

New CLI commands to configure the single sign-on and local authentication for explicit proxy users.

Configure local and FSSO authentication scheme for FortiGate explicit proxy:

 

config authentication scheme

    edit "local"

        set method form

        set require-tfa disable  <--

        set user-database "local" --> Local authentication.

    next

    edit "fo"

        set method fsso --> Single SignOn policy.

    next

end

 

Configure local and FSSO authentication rules for FortiGate explicit proxy:

 

config authentication rule

    edit "2"

        set status enable

        set protocol HTTP

        set srcaddr "Ip_172.31.134.150"

        set ip-based enable

        set active-auth-method ''

        set sso-auth-method "fsso" --> Single SignOn policy.

        set comments ''

    next

    edit "1"

        set status enable

        set protocol http

        set srcaddr "all"

        set ip-based enable

        set active-auth-method "local" --> Local authentication policy.

        set sso-auth-method ''

        set comments ''

    next

end

 

Configure proxy authentication rule :

 

config firewall proxy-policy

    edit 2

        set uuid 2e80b2c6-283d-51e9-a17c-63e20afb33dc

        set proxy explicit-web

        set dstintf "port2"

        set srcaddr "Ip_172.31.134.150"

        set dstaddr "all"

        set service "webproxy"

        set action accept

        set schedule "always"

        set groups "FSSO_PROXY"

    next

    edit 1

        set uuid bb042630-2566-51e9-2140-39bae534f3cf

        set proxy explicit-web

        set dstintf "port2"

        set srcaddr "all"

        set dstaddr "all"

        set service "webproxy"

        set action accept

        set schedule "always"

        set groups "SSO_Guest_Users"

        set profile-protocol-options "test"

    next

end

 

Useful troubleshooting command in case authentication is not working:

 

diagnose wad debug enable category all auth
diagnose wad debug enable level verbose
diagnose debug enable

2803
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.