SAML external browser

IG
2021/08/02 08:38:59

SAML external browser

Hi,
 
Since FortiOS 7.0.1, bug 715100 is resolved and should allow the use of an external browser to perform SAML authentication instead of the FortiClient embedded login window.
The release note states:
Allow FortiClient to use a browser as an external user agent to perform SAML authentication for SSL VPN tunnel mode. In prior versions, SAML authentication must be performed within the FortiClient embedded login window. A new setting is added to configure the SAML redirection port upon successful SAML authentication:
config vpn ssl settings
    set saml-redirect-port <port>
end

Does anyone have a clue how setting an alternate SAML redirect port on the FortiGate side will instruct the FortiClient to open the default browser on the client?
I tried to force another port instead of the default 8020, but FortiClient still uses the default embedded login window.
 
I'd like to use an external browser so it will know how to interact with a WebAuthn device.
 
Thanks,
IG
#1
Adrian Lewis
Re: SAML external browser 2021/08/12 01:01:52
Pretty sure this needs FCT 7.0.1 as a prerequisite and the relevant setting for the connection enabled. From my testing so far with FCT 7.0.1 and FGT 6.4.6, that combo will not work either.
#2
Adrian Lewis
Re: SAML external browser 2021/08/12 01:10:33
FYI - EMS doesn't have this client setting in the UI from what I've found but you can add:
 
<use_external_browser>1</use_external_browser>
 
into the top level for the SSL VPN connection to enable it for that connection (needs the advanced view toggled to show the XML tab in the profile).
#3
IG
Re: SAML external browser 2021/08/16 06:49:43
Thanks for your feedback.
We are using the VPN-only version of FortiClient.
Not sure I can edit the XML by hand.
#4
IG
[SOLVED] SAML external browser 2021/08/19 09:49:30
@Adrian: it's working fine with the free version of FortiClient starting with 7.0.1.
I was misled, as I upgraded FortiClient along with FortiOS 7.0.1 but FCT was still 7.0.0 back then.
#5
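Added example, not part of the original thread and not Fortinet code: a Python check that each SSL VPN connection in an exported FortiClient configuration carries `<use_external_browser>1</use_external_browser>` and that both versions meet the 7.0.1 minimum reported in the posts above. The XML layout around that element, the sample connection names and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Minimum versions as reported in the thread (FortiOS 7.0.1, FortiClient 7.0.1).
MIN_FOS = (7, 0, 1)
MIN_FCT = (7, 0, 1)

# Constructed sample. The elements surrounding <use_external_browser> are an
# assumed layout for an exported FortiClient configuration.
SAMPLE_XML = """\
<forticlient_configuration><vpn><sslvpn><connections>
  <connection>
    <name>corp-saml</name>
    <use_external_browser>1</use_external_browser>
  </connection>
  <connection><name>legacy</name></connection>
</connections></sslvpn></vpn></forticlient_configuration>
"""

def parse_version(text):
    """Turn '7.0.1' into (7, 0, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))

def external_browser_status(xml_text):
    """Map each SSL VPN connection name to True if the flag is set to 1."""
    root = ET.fromstring(xml_text)
    status = {}
    for sslvpn in root.iter("sslvpn"):
        for conn in sslvpn.iter("connection"):
            name = (conn.findtext("name") or "<unnamed>").strip()
            # findtext() only matches a direct child, i.e. the top level of
            # the connection, which is where the thread says the flag goes.
            flag = conn.findtext("use_external_browser")
            status[name] = flag is not None and flag.strip() == "1"
    return status

def readiness(xml_text, fct_version, fos_version):
    """List the reasons the external-browser SAML flow would not be used."""
    problems = []
    if parse_version(fct_version) < MIN_FCT:
        problems.append(f"FortiClient {fct_version} is older than 7.0.1")
    if parse_version(fos_version) < MIN_FOS:
        problems.append(f"FortiOS {fos_version} is older than 7.0.1")
    for name, enabled in external_browser_status(xml_text).items():
        if not enabled:
            problems.append(f"connection '{name}' lacks use_external_browser=1")
    return problems
```

Calling `readiness(SAMPLE_XML, "7.0.0", "7.0.1")` reproduces the situation from the last post: FortiOS was already upgraded, but the client was still on 7.0.0.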