Token-only user can log in to SP configured for "Enforce TFA" option if this user already has active session.

Provide convenient method for admin to purge all offline token data for user.

FortiAuthenticator- Private keys in file system. Not been protected by HSM.

User registration via Guest Portal requires the approver to enable RADIUS authentication first.

Windows Agent does not try to use secondary FortiAuthenticator upon DNS lookup failure for primary.

EAP Server Certificate must be FQDN-specific, no wildcard permitted (for Windows 10 clients).

FG-IR-18-182 PostgreSQL multiple releases.

Clarification for Monitor, Authentication, and Windows AD statuses.

One of the cluster units does not send traps while set as the active member.

FortiAuthenticator is crashing every time when the LDAP Remote user sync rules are supposed to run.

Cannot export local user if number of user is large.

FortiAuthenticator does not check if signature of CSR is valid.

Google+ is being shutdown.

Users Audit Report not working on load-balancer.

Should limit FSSO password to 15 characters since that is the limit on the Fortigate.

Support dual 2FA for remote users sync rules.

Importing an ECDSA-signed certificate/key causes an error dump.

Add option for FortiAuthenticator SAML IdP to send Subject NameID in example.com\username format.

GUI exception/crash occurs when clicking on a guest user in a load-balancer FortiAuthenticator.

FSSOMA nested group search failing if nested via primary group.

Password field in API call for remote users.

Picking MD5-hashed certificate for system access causes Apache to crash repeatedly. FortiAuthenticator GUI becomes inaccessible.

Django upgrading to v1.11.20 (python 2.7) or v2.2 (python 3).

HA re-enable and interface in use.

Non-ASCII characters in replacement messages cause line-break in the middle of a URL in emails

Enabling secure passwords options prevents LDAP clients from accessing FortiAuthenticator LDAP sever.

FortiAuthenticator VM upgrade from 4.0 b6237 to 6.0 b010 not successful.

Should have similar log messages for remote sync rules when either an admin or non-admin role is assigned to imported user.

Push notification certificates not restored to disk following model conversion.

One new jQuery CVE disclosed on 2019-04-19.

Provide skeleton language pack for self-service portal.

Load-balancer doesn't response to the accounting-request after the failover.

Improve IdP metadata.

Guest portal authentication fails with HTTP 500 if user name contains non-ASCII characters.

Adding SMS license shows "connection timeout"in the GUI.

Cannot edit guest user whose sponsor's account has been deleted.

Error While accessing Authentication > Remote users.

Usage Profile "TIME USAGE=Time used" is not triggering COA or disconnect request to FortiGate.

FAC Agent - Include timestamps from FortiAuthenticator in the agent log when importing offline tokens.

Trusted CA import shows pending when certificate is using SHA512 as hash.

EAP-TLS authentication does not check AuthorityKeyIdentifier when matching allowed/trusted CAs.

EAP-TLS - deletion of local CA#1 breaks authentication for local CA#2 with identical subjects.

Certificate upload to FortiAuthenticator in PKCS#12 format fails.

Local users screen crashes intermittently.

FortiAuthenticator API - Call to api/v1/usercerts.

Smart Connect profile is not working on MAC computer.

FortiMobile push stopped working after upgrade from 5.5.0 to 6.0.2 while trying to log in to FortiAuthenticator admin access with remote users.

No more than 20 Realms can be present in RADIUS client settings.

FortiAuthenticator as RSSO > FSSO processing fails if fails RADIUS Accounting Sources is configured with FQDN instead of IP.

FortiGuard server failed sending SMS because message is too long.

Fortitoken Cloud status service error when no entitlement purchased.

FTM trial license activation: Disable "Cannot find req_trial_ftm task. It might have been removed".

Revoked local service certificates not in CRL.

RADIUS attributes are not added in Access-Accept packet.

Unable to import users into LDAP directory tree.

Random issue while accessing FortiAuthenticator Dashboard.

FortiAuthenticator sends faulty class attribute in Access-Accept.

'ftm_id' error returns to FTM Android when approve login request from push notification.

The FortiAuthenticator not processing DC agent information.

KVM Uptime is wrong after VM reboot.

"Cluster not formed" message on HA Status page, but HA seems to work OK.

Admin login from Guest Portal registration link that was emailed by FortiAuthenticator keeps failing.

FCT: Reached maximum client number, cannot accept new connection

FortiAuthenticator Agent should programmatically disable all installed credential providers instead of just the Windows defaults.

Routing table breaks when updating IP.

Disk monitor widget error on dashboard.

Not able to select FortiToken Hardware under self-service portal.

Performance improvement for Windows Authenticator for users with offline tokens.

FortiAuthenticator-VM Azure maintainer account doesn't work.

FortiAuthenticator AWS having issue connection to AWS NTP server address 169.254.169.123.

Accent character handling for remote LDAP user.

Inconsistency on fiber ports, HA implementation.

DCAgents marked as offline randomly in SSO Monitor, fail to process user events in that state.

Delay in loading Guest Portal.

SNMP trap for user lockout still getting sent even when it has been disabled.

LDAP realm with token-only authentication works only with PAP

Standalone primary unit in a load-balancing configuration restarts itself when a new connection replaces an existing one.

FortiAuthenticator not accessible via port2 despite setting allowaccess https. 403 Forbidden error is presented.

2FA field is named identically to password field.

Add HA "debug mode" outputs additional data to the HA debug log.

FortiAuthenticator cannot use NTLMv2 in WINBIND process to join AD Domain.

Mobile number verification for Guest portal Self-registration (pre-login service) does not use the configured SMS gateway.

Cannot finish Guest Portal self-registration if Device Tracking post-login feature is enabled.

SCEP Response with certificate, has three extra bytes.

Social logins are denied when normal user license is exhausted.

SNMP sysUpTime value reset to zero every four hours.

Link in password reset email is split in two lines.

Slony HA still needs an indicator for "in_sync" in the HA Status GUI.

GUI error for SSO Group Fine-grained Controls

Use mobile number as username pass in incorrect value causes GUI webpage crash.

Update default FortiToken Mobile provisioning message.

Merge OCI support into trunk.

RADIUS MSCHAPv2 authentication fails even FortiAuthenticator is joined to the domain.

winbind child process spikes CPU to 75%+.

Vulnerability of HTTP host header value reflection.

Custom dictionaries are not syncing with HA load balancing device.

It is possible to view/edit user data field from guest portal, even if profile view/edit options are not enabled.

User information is missing the FortiAuthenticator logs.

SAML user attribute "Remote LDAP Groups" - Limit of 200 insufficient.

Change token default GUI display to six stars.

Forbid firmware upgrades from 6.0.3 or earlier to 6.1.0 or later

Unable to revoke user certificate - duplicate key value.

Upgrade from 5.4.1 to 6.0.3 HTTPS swaps with RADIUS Account Monitor.

jQuery not referenced causing FTM push failing on FortiClient SAML for SSLVPN.

FortiAuthenticator sends DNS requests for the Client subnets configured in RADIUS accounting clients.