JulienDuvoux
New Contributor

FortiGate / FortiOS 6.2.0 - SAML with open source IdP (Keycloak)

Hi,

 

I would like to know if the only way to use SAML to log in to a FortiGate appliance (or VM) is using FortiAuthenticator?

So SAML on FortiGate is only for Fabric, and if we want to use SAML from our IdP we need to use FortiAuthenticator and use FSSO between FortiAuthenticator and FortiGate Root?

We agree that in this case FortiAuthenticator allows us to use any IdP? I saw samples in the docs with Okta / Google G Suite / Centrify.

 

http://docs.fortinet.com/...saml-sso-configuration

"You can select Custom when you want to change the default settings for IdP single-sign-on URL and IdP single logout URL"

 

Following the documentation link above, the only things we can change are the "sign-on" and "logout" URLs, but in the appliance we can change the IdP entity ID too.

 

Thanks a lot for any clue/help.

3 REPLIES
JulienDuvoux
New Contributor

Wrong place... sorry.

How can I move it?

pmit
New Contributor III

Any word on this? I do not have a FortiAuthenticator. This functionality should be built into FortiGate. Only super large organizations should need a separate authentication appliance. I would like to use a third-party IdP such as Google or Azure to authenticate users to my FortiGate.

 

I'm using a 500D with 6.2.1

 

Is this possible yet? 

JulienDuvoux

Thanks for answering.

This is for a very large organization, but for a small entity of it. The IdP is not a FortiAuthenticator, so we can't use this to handle FortiGates, and we do not have authorization to use an external (third-party) IdP... the goal is to use the actual IdP.

 

No information about it and the documentation is poor...

 

Anyway, thanks for the help.
