Fortinet black logo

Administration Guide

FortiAuthenticator 6.0.3

FortiAuthenticator 6.0.3

The following list contains new and expanded features added in FortiAuthenticator 6.0.3.

SAML SP single logout enhancements for FSSO

New enhancements have been introduced for SAML SP single logout for FSSO:

  • Support for the handling of IdP-initiated logout.
  • The logout button on the SAML SP Logout Page replacement message also triggers a logout from the IdP.
  • A new button has been added to the SAML SP Logout Success Page replacement message to return to the login page.

SAML remote authentication enhancements

FortiAuthenticator SPs include the "RequestedAuthnContext" assertion in their authentication request to any IdP. FortiAuthenticator 6.0.3 now includes a setting to define the authentication context value.

The Default value is "PasswordProtectedTransport," which requires that users are authenticated using a password-based method. When alternative authentication methods are used, None can be selected to omit this requirement (e.g. when a X.509 certificate is used in Azure).

Low HA sync activity SNMP trap

A new "HA sync activity is low" trap is available that can be used by administrators to monitor the health of the HA cluster. The SNMP trap is sent by the primary cluster's passive unit. To use this trap, create or edit an SNMPv1/v2c/v3 at System > Administration > SNMP and enable the toggle for "HA sync activity is low."

Reject usernames containing uppercase letters

FortiAuthenticator includes the option to reject usernames that contain uppercase letters when using RADIUS authentication. When the option is enabled, RADIUS authentication automatically fails when the username contains an uppercase letter.

FortiAuthenticator 6.0.3

The following list contains new and expanded features added in FortiAuthenticator 6.0.3.

SAML SP single logout enhancements for FSSO

New enhancements have been introduced for SAML SP single logout for FSSO:

  • Support for the handling of IdP-initiated logout.
  • The logout button on the SAML SP Logout Page replacement message also triggers a logout from the IdP.
  • A new button has been added to the SAML SP Logout Success Page replacement message to return to the login page.

SAML remote authentication enhancements

FortiAuthenticator SPs include the "RequestedAuthnContext" assertion in their authentication request to any IdP. FortiAuthenticator 6.0.3 now includes a setting to define the authentication context value.

The Default value is "PasswordProtectedTransport," which requires that users are authenticated using a password-based method. When alternative authentication methods are used, None can be selected to omit this requirement (e.g. when a X.509 certificate is used in Azure).

Low HA sync activity SNMP trap

A new "HA sync activity is low" trap is available that can be used by administrators to monitor the health of the HA cluster. The SNMP trap is sent by the primary cluster's passive unit. To use this trap, create or edit an SNMPv1/v2c/v3 at System > Administration > SNMP and enable the toggle for "HA sync activity is low."

Reject usernames containing uppercase letters

FortiAuthenticator includes the option to reject usernames that contain uppercase letters when using RADIUS authentication. When the option is enabled, RADIUS authentication automatically fails when the username contains an uppercase letter.