Microsoft Azure MFA Server and Fortigate SSL-VPN
First time posting and really hoping that someone tells me I'm an idiot, and the solution's really simple...
I'm trying to use Microsoft's Azure MFA Server product to add multi-factor authentication to our Fortigate SSL-VPN.
The way I have it set up, is:
LOGIN REQUEST TO FG -> RADIUS TO MFA -> MFA PROXIES REQUEST TO RADIUS SERVER
Which is the way that Microsoft says that I should have it set up.
If I substitute the MS VPN solution in place of the Fortigate, it works fine.
If I take MFA server out of the equation, it works as it should.
However - if I have it set up as I need it to be, the Fortigate denies the login, stating that it can't find the user. Yet the identical username without the MFA server works fine...
I've wireshark'd the RADIUS packets from both the vanilla RADIUS server and from the MFA server, and they're identical sans the individual packet identifiers. I've used the packet sniffer in the Fortigate itself to check that they're arriving intact, which they are. The ONLY thing I can find that's actually wrong, is that the Fortigate seems to just ignore the RADIUS Access-Accept packet. Yet, I can't find any record of that happening.
To stop me further losing my sanity, has anyone else come across this, or does anyone have any ideas at all?
Thank you so much in advance!