SAML Authentication not working after upgrade to 7.2.12/7.4.9/7.6.4

After upgrading a FortiGate to 7.2.12, 7.4.9 or 7.6.4, SAML authentication (e.g. for IPsec or SSL VPN) stops working. The authentication process takes a very long time and then ends in a timeout.

The reason is that Fortinet has started to verify the signature on the SAML Response message itself. If the IdP does not sign its SAML Responses (even if it signs the Assertion inside them), authentication fails after this upgrade.

This new behavior has been documented in the release notes, e.g. https://docs.fortinet.com/document/fortigate/7.4.9/fortios-release-notes/684249/saml-certificate-verification.

An example of the required Entra ID configuration is available here: https://docs.fortinet.com/document/fortigate/7.4.9/administration-guide/736845/saml#Identity_providers
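To tell quickly whether an IdP is affected, it helps to look at what the IdP actually sends back: the new check requires a `ds:Signature` as a direct child of `samlp:Response`, whereas many IdPs by default sign only the `saml:Assertion` inside it. The following script is an added example (not from the original post or from Fortinet) that decodes a captured `SAMLResponse` form value and reports which of the two elements carries a signature. The two embedded responses are constructed samples, not real IdP output; the script only checks for the presence of the signature element and does not validate it.

```python
import base64
from xml.etree import ElementTree as ET

# Standard SAML 2.0 and XML-DSig namespaces.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def inspect_saml_response(saml_response_b64):
    """Decode a base64 SAMLResponse value and return
    (response_signed, assertion_signed) based on where a ds:Signature
    element appears. Presence only; this does not verify the signature."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response element: %s" % root.tag)
    # The check introduced in 7.2.12/7.4.9/7.6.4 needs a signature on
    # the Response element itself, i.e. a direct child ds:Signature.
    response_signed = root.find("ds:Signature", NS) is not None
    assertion = root.find("saml:Assertion", NS)
    assertion_signed = (
        assertion is not None and assertion.find("ds:Signature", NS) is not None
    )
    return response_signed, assertion_signed


def will_fail_signature_check(saml_response_b64):
    """True if the FortiGate's Response-signature verification would
    reject this message because the Response element is unsigned."""
    response_signed, _ = inspect_saml_response(saml_response_b64)
    return not response_signed


# Constructed sample: assertion signed, Response NOT signed (the failing case).
# Hypothetical issuer/user values; ds:Signature bodies are stubs.
_ASSERTION_ONLY_XML = (
    b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    b' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
    b' xmlns:ds="http://www.w3.org/2000/09/xmldsig#"'
    b' ID="_r1" Version="2.0" IssueInstant="2025-01-01T00:00:00Z">'
    b"<saml:Issuer>https://idp.example.test</saml:Issuer>"
    b"<samlp:Status><samlp:StatusCode"
    b' Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
    b'<saml:Assertion ID="_a1" Version="2.0" IssueInstant="2025-01-01T00:00:00Z">'
    b"<saml:Issuer>https://idp.example.test</saml:Issuer>"
    b"<ds:Signature><ds:SignedInfo/></ds:Signature>"
    b"<saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>"
    b"</saml:Assertion></samlp:Response>"
)

# Constructed sample: both Response and assertion signed (the working case).
_RESPONSE_SIGNED_XML = _ASSERTION_ONLY_XML.replace(
    b"<samlp:Status>",
    b"<ds:Signature><ds:SignedInfo/></ds:Signature><samlp:Status>",
    1,
)

ASSERTION_ONLY_B64 = base64.b64encode(_ASSERTION_ONLY_XML).decode()
RESPONSE_SIGNED_B64 = base64.b64encode(_RESPONSE_SIGNED_XML).decode()


if __name__ == "__main__":
    for label, sample in (
        ("assertion-only", ASSERTION_ONLY_B64),
        ("response-signed", RESPONSE_SIGNED_B64),
    ):
        resp, assn = inspect_saml_response(sample)
        print(
            "%-16s Response signed: %-5s Assertion signed: %-5s -> %s"
            % (
                label,
                resp,
                assn,
                "FAILS after upgrade" if will_fail_signature_check(sample) else "OK",
            )
        )
```

To use it on a real login, take the `SAMLResponse` value from the IdP's POST to the FortiGate (URL-decode it first if it was copied from a raw request) and pass it to `inspect_saml_response`. If the Response element is unsigned, the fix is on the IdP side: enable response signing as shown in the Fortinet Entra ID example linked above.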
