VPN SSL authentication with Azure SAML 7.0.12 issue: users not redirected to login page
Hello everyone,
We are facing a strange issue with our Azure SAML authentication for VPN users.
The issue is on web mode as well as FortiClient.
The issue is that users are not redirected to the Azure login page.
-> VPN works with local users
-> Single sign-on button appears on web mode (policy must be OK)
-> When we enable debug for samld there is only 1 output: __samld_sp_create_auth_req [447]: SAML SP algo: 0 -> lasso=1. Binding Method: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
-> When we test on Azure (Assertion consumer service URL) we get invalid http request
-> On web mode, when we click on single sign-on we are not redirected to Azure and we get ERR_EMPTY_RESPONSE
We have checked multiple times if there was any syntax mismatch between IdP and SP but there are none. 3 Fortinet support engineers also checked.
We are running out of ideas.
Did anyone face this issue?
Any suggestion is welcome!
Thanks in advance
Hi @miki360,
Do you have a ticket opened? If yes, what is the ticket number?
We need to double-check the configuration. Please provide the output of the following commands:
# show full user saml
# show full vpn ssl setting
Please also provide screenshots of Azure configurations.
Regards,
Hello,
Yes, we have opened a case, and after checking, the issue was resolved by disabling sdp certificate. The certificate was generated using the FW CA, but we did not get the reason for what was wrong with the certificate.
Did you check the below document to find any mismatch: https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/fortigate-ssl-vpn-tutorial
Also posting 4 docs which can help you:
Hi there,
This issue usually happens when there is a mismatch in IdP or SP URL addresses between the FortiGate and the Microsoft Azure Single Sign-On page. Can you please verify that information and refer to this document for more detail:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Invalid-HTTP-Request-while-using-sso-login...
