Uploading SAML IdP certificate to the FortiGate SP
To upload the SAML IdP certificate:
- Go to System > Certificates.
- From the Create/Import dropdown, select Remote Certificate.
The Upload Remote Certificate window opens.
- In the Upload Remote Certificate window, select Upload, and browse to the certificate that you saved in Exporting the IdP certificate.
- Click Open.
- Click OK.
- Make note of the name of the uploaded certificate. In this example, it is REMOTE_Cert_2.
The certificate is then referenced in Creating SAML user and server.
Ensure that the correct certificate is uploaded to the FortiGate SP. Otherwise, SAML authentication fails because the uploaded certificate does not match the certificate that FortiAuthenticator uses to sign the SAML assertion.
The FortiGate SP only trusts SAML assertions signed by the certificate selected in Creating SAML user and server.
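One way to confirm before uploading that the exported file is the IdP's signing certificate is to compare its SHA-256 fingerprint with the signing certificates listed in the IdP's SAML metadata. This is an added example, not Fortinet's code; it assumes you have the IdP metadata XML available, and the function names and the sample data (placeholder bytes, `idp.example.test`) are constructed for illustration.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def pem_to_der(pem_text):
    """DER bytes of the first CERTIFICATE block in an exported PEM file."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()))

def metadata_signing_certs(metadata_xml):
    """DER bytes of each certificate the IdP metadata lists for signing."""
    ders = []
    # Only parse metadata obtained from your own IdP over a trusted channel.
    for kd in ET.fromstring(metadata_xml).iter(f"{{{MD}}}KeyDescriptor"):
        # A KeyDescriptor without 'use' covers both signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iter(f"{{{DS}}}X509Certificate"):
            ders.append(base64.b64decode("".join((cert.text or "").split())))
    return ders

def sha256_fp(der):
    return hashlib.sha256(der).hexdigest()

def matches_idp_signing_cert(pem_text, metadata_xml):
    """True if the exported file is one of the IdP's signing certificates."""
    fp = sha256_fp(pem_to_der(pem_text))
    return any(sha256_fp(d) == fp for d in metadata_signing_certs(metadata_xml))

# Constructed sample data: placeholder bytes stand in for real DER certificates.
SIGNING_B64 = base64.b64encode(b"constructed signing certificate").decode()
ENCRYPT_B64 = base64.b64encode(b"constructed encryption certificate").decode()
def key(use, b64):
    return (f'<md:KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data>'
            f"<ds:X509Certificate>{b64}</ds:X509Certificate>"
            "</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>")
SAMPLE_METADATA = (f'<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" '
                   'entityID="https://idp.example.test"><md:IDPSSODescriptor>'
                   + key("signing", SIGNING_B64) + key("encryption", ENCRYPT_B64)
                   + "</md:IDPSSODescriptor></md:EntityDescriptor>")
def as_pem(b64):
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"
```

In the sample, the certificate marked for encryption only does not match, which is the case where an IdP publishes more than one certificate and the wrong one is exported.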