Known issues
This section lists the known issues of this release, but is not a complete list. For inquires about a particular bug, please visit the Fortinet Support website.
Bug ID | Description |
---|---|
555180 | Push notification certificates are not restored to the disk following a model conversion. |
526202 | FortiAuthenticator does not check if the signature of a CSR is valid when processing it during a SCEP enrollment request. |
548689 | FortiAuthenticator should not delete a revoked local service certificate until it has expired. |
538059 | Importing an ECDSA-signed certificate and key causes an error. |
544851 | Unable to re-enable HA from the CLI if HA was disabled from the GUI on the backup device. |
528352 | Unable to configure HA role and priority from the CLI on a load-balancing device that has HA disabled. |
546764 | The use of non-ASCII characters in replacement messages causes the URL in email messages to render incorrectly. |
478985 | The FortiAuthenticator Windows Agent doesn't always locate the domain name, and users are not able to login. |
524131 | There is a multisecond delay between queuing and sending of push notifications. |
538216 | FortiAuthenticator FSSO service can be unstable due to crashing DC agent daemon. |
468513 | Excluding a user from SSO causes the FSSO server to exit and not recover. |
540932 | FSSOMA nested group search fails if nested via the primary group. |
541043 | SAML authentication with Azure UUID mapping does not include SSO group for the user as expected. |
555320 | When using device only (MAC address) authentication, the guest portal time schedule is ignored. |
482900 | User registration through a guest portal requires the approver to enable RADIUS authentication first. |
558797 | Users assigned an admin profile with full read and write permissions are unable to access Authentication > Guest Portal > General. |
532604 | The Social Login Users list displays 'unknown' in the user column. |
530392 |
Unable to log into a guest portal with a social user account if the account has expired. Workaround: From Authentication > User Account Policies > General, enable Automatically purge disabled user accounts and set the frequency to Hourly. This removes all expired accounts. |
543791 | When a users audit report is generated, the 'last used' and 'created' columns contain incorrect data for LDAP users. |
557353 | Occasionally, FortiAuthenticator widgets will fail to load. |
510931 | The connection status displayed for Windows Active Directory servers can be are unclear and inconsistent. |
536211 | FortiAuthenticator should limit FSSO passwords to 15 characters since that is the limit on FortiGate. |
532652 | Users audit reports are not working on the backup device in an active-active HA cluster. |
558790 | Unable to assign more than one admin profile to a user. |
550800 | The Authentication Activity widget can display inconsistent information. |
548527 |
User accounts that have been locked due to repeated invalid password attempts cannot be unlocked from the User Lookup page. |
544023 | Importing MD5-hashed certificates for system access causes Apache to crash repeatedly. |
543646 | When creating a password policy, entering foreign characters in the 'Use non-alphanumeric characters in random passwords' field will cause an error to occur when viewing the list of guest users. |
540587 | Clicking on a guest user on a load-balancing device causes a GUI crash. |
490281 | FortiAuthenticator logs show the column name 'Type id', however downloaded logs and logs sent to FortiAnalyzer show this column name as 'Log id'. |
557762 | In an active-active HA configuration, after an HA password change, backup devices are unable to synchronize. |
557771 | The role of active-passive cluster standby members locks to standby member if the active member shuts down while status is 'in_sync = 0'. |
551706 | Load-balancing HA clusters are unable to have two remote FortiAuthenticator administrators with the same username when two-factor authentication is enabled. |
516357 | Toggling load-balancing off and back on in an existing cluster can impact availability for hours or days. |
543729 | RADIUS Client service not working after upgrading firmware from version 4.2.1 to version 5.5. |
548556 | If FortiAuthenticator is configured as an LDAP server and the secure password option is enabled, the LDAP client receives an invalid credentials error during the bind attempt. |
511093 | In an active-active HA configuration, Radiusd on the backup device crashes if a large custom RADIUS dictionary is uploaded to the primary device. |
556721 | When using the /auth/ REST API endpoint, case insensitivity is ignored when handling the 'user has no token configured' option. |
543993 | Unable to create more than one SSO group using REST API. |