New Features

SAML assertions and SAML requests can now be signed to better support third-party IdPs 7.2.3

SAML assertions and SAML requests can now be signed to better support third-party IdPs.

To view signing options for SAML assertions and requests:
  1. Go to System Settings > SAML SSO.
  2. Configure a Service Provider (SP).
    The GUI has three new options, all disabled by default:
    • SP Certificate
    • Authentication Request Signed: To use this feature, you must first add an SP Certificate, and that SP Certificate must be imported to the IdP.
    • Require Assertion Signed from IdP: Used with third-party IdPs, because FortiAnalyzer assertions are always signed when FortiAnalyzer operates as the IdP. Because some third-party IdPs may not require that assertions are signed, this setting can be disabled.
To configure these options in the CLI:

In the FortiAnalyzer CLI, enter the following commands:

config system saml
    set auth-request-signed {enable | disable}
    set want-assertions-signed {enable | disable}
end
