This article describes some of the troubleshooting tips for SSL VPN with SAML authentication.

    set single-sign-on-url "
    set single-logout-url "
    set idp-entity-id "This link will be provided from the IdP"
    set idp-single-sign-on-url "This link will be provided from the IdP"
    set idp-single-logout-url "This link will be provided from the IdP"
    set idp-cert "This certificate will be provided from the IdP side"

Main debugs for SAML and SSL VPN troubleshooting.

This command enables debugging for 'SAML' (with a debug level of -1 for detailed results):

    # diagnose debug application samld -1

This command enables debugging for 'SSL VPN' (with a debug level of -1 for detailed results):

    # diagnose debug application sslvpn -1

Additionally, use browser plugins that will help in analyzing SAML communication.

Case scenario #1 - Not getting redirected to the SSO (IdP) when trying to get access to the SSL VPN.

1) When there is no policy configured for SAML, the FortiGate Firewall will not use SSO and will not redirect to the IdP side.
Check the policy and make sure that the SAML group is referenced in the policy.

2) Portal is configured for the specific realm.

3) The policy is configured, but redirection to the IdP is still not happening.
Disable the policy and re-enable the policy.

4) SAML is configured on the SP in the wrong spot.
There are two spots where SAML can be configured on the FortiGate Firewall.

For SSL VPN:

    # diagnose vpn ssl saml-metadata "Your_SAML"

For admin access:

    # diagnose sys saml metadata
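The check in case scenario #1 (is a SAML group referenced by an SSL VPN policy, and is that policy enabled) can be run offline against a saved configuration backup. The following Python sketch is an added example, not part of the original article or any Fortinet tooling; the table names `config user saml`, `config user group` and `config firewall policy`, the `ssl.root` source interface, and every object name in the constructed sample are assumptions not shown on the page.

```python
import shlex
# Constructed sample of a FortiOS configuration backup; all names are made up.
SAMPLE_CONFIG = '''
config user saml
    edit "Your_SAML"
    next
end
config user group
    edit "saml-vpn-users"
        set member "Your_SAML"
    next
end
config firewall policy
    edit 1
        set srcintf "ssl.root"
        set groups "local-admins"
    next
    edit 2
        set srcintf "ssl.root"
        set groups "saml-vpn-users"
        set status disable
    next
end
'''

def parse_tables(text):
    """Return {table: {entry: {setting: [values]}}} for top-level config tables."""
    tables, table, entry, depth = {}, None, None, 0
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config":
            depth += 1
            if depth == 1:  # nested config blocks are skipped, not parsed
                table, entry = tables.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            entry = table.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
    return tables

def saml_vpn_policies(text):
    """Return (SAML groups, enabled policy ids, disabled policy ids) for SSL VPN."""
    t = parse_tables(text)
    servers = set(t.get("user saml", {}))  # SAML servers defined for user auth
    groups = {g for g, s in t.get("user group", {}).items()
              if servers & set(s.get("member", []))}
    enabled, disabled = [], []
    for pid, p in t.get("firewall policy", {}).items():
        if "ssl.root" in p.get("srcintf", []) and groups & set(p.get("groups", [])):
            (disabled if p.get("status") == ["disable"] else enabled).append(pid)
    return sorted(groups), enabled, disabled
```

An empty group list means no user group contains a SAML server from `config user saml`; an empty enabled list means no active SSL VPN policy references a SAML group, which matches item 1 of the scenario.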