Automatic CRL download error with two Identical DN.

Remote LDAP server constantly goes offline.

Unable to import all FortiToken hardware tokens from the same purchase order; need to add them all manually.

Internal server error 500 when viewing RADIUS account sessions, probably caused by the Called-Station-Id attribute.

LDAPS connectivity issue between FortiGate/FortiManager and FortiAuthenticator.

SAML IdP breaks after upgrade from 6.0.2 - 6.0.7 - 6.4.6/6.5.0.

Single group is passed by FortiAuthenticator as IdP when FIDO only authentication is used in SP setting.

User account extension gives CSRF token missing or incorrect.

A-P cluster, it forms when configured from the GUI, it does not when configured from the CLI without a restart.

Chained token authentication fails with self service portal.

Captive Portal with iPhone CNA fails when users attempt to register.

FSSO connection error: Maximum FortiGate session number reached, cannot accept new connection.

HA A/A status error - In sync with anomalies.

Push on FortiAuthenticator portal does not work when the username exceeds 20 characters.

Unable to import Guest users using CSV format in FortiAuthenticator.

After change the FortiAuthenticator IP address unplugging the monitor interface did not trigger HA failover.

No more than 20 realms can be added in the SAML General page under Realms.

Group membership is not replicated to LB when registering over a WiFi portal.

Captive portal automatic login after successful user verification is fails.

SAML - VPN SSL authentication error: invalid_response.

Unable to change remote LDAP user password via REST API.

Allowed host changes in the CLI are not reflected in the GUI.

Upgrade OpenSSL from 1.1.1n to 1.1.1s, then again to 1.1.1t.

Tabs are being replaced with #011 in TACACS+ logs and potentially other places using syslog for centralized logging.

SAML IdP- RelayState not being sent back to the SP for IAM logins.

No login prompt in the HW serial console when the boot is extremely broken.

FortiAuthenticator Remote user sync rules - Test filter not working if OU has special characters in name, e.g., ( , ) , +.

Upgrading FortiAuthenticator previously downgraded from 6.4+ to pre-6.4 back to 6.5.0 causes factory reset.

Sanitize portal name input.

Unable to expand Rule Sets after collapsing it in GUI.

Unable to import 10k plus groups from Azure via SAML in FortiAuthenticator.

AP HA secondary cannot change mgmt interface access configuration, and the option does not sync from the primary either.

Two FortiAuthenticator devices working in load balance mode stopped listening to port 8001.

Windows log events in FSSO are dropping after some time.

Despite DH modulus regeneration and device reboot, DH modulus is still equal to 2048 bits (256 bytes) instead of 4096 bits (512 bytes).

HA Cluster not forming due to differing smartconnect primary key name (upgrade path mismatch, but should work).

Under extensive load, FortiAuthenticator runs out of memory and TACACS+ daemon randomly crashes.

Cisco WLC portal fails (callback to 192.0.2.1).

802.1x EAP-TLS crashed with error eap_tls: ERROR: Error allocating memory for SSL state.

FortiGate CRL renewal over SCEP via FortiAuthenticator not working anymore. FortiGate failing with SCEP result=1: response is in wrong format.

Multiple 'ERROR running' shows when upgrading the firmware from v6.4.3 to v6.4.6.

Show 403 Forbidden while performing SAML authentication after OAuth succeeds.

Allow OTP for EAP-MSCHAPv2 Authentication with FortiClient feature does not toggle off on the GUI.

Emergency Token is not displayed on the GUI when Yubikey is assigned.

LB off-by-one issue in the change log processing logic.

disk_discovery.sh cannot find OSDISK / firmware drive with enlarged partitions.

FortiAuthenticator outbound email should permit partial chain certificate validation.

Email verification template is missing from the legacy user registration.

Remote LDAP clients cannot verify server certificates signed by LetsEncrypt and potentially other multipath CAs.

db_listener failure if the json contains unescaped string.

FortiAuthenticator VMs need greater resiliency/improved recovery when connectivity is lost to remote data drives.

OAuth tokens can be verified with an invalid client id.

[3^rd party component upgrade required for security reasons] FortiAuthenticator- linux_kernel to 4.9.312/4.14.277/4.19.241/5....

[3^rd party component upgrade required for security reasons] FortiAuthenticator- vmware-tools or open-vm-tools to 12.1.5.

Renaming a Portal back to its original name fails triggers 500 error on the self-service portal user login.

Custom RADIUS user attribute is not syncing over in HA LB setup.

Machine authentication cache expiry.

Smart Connect for Android running on version 12 and 13 never installs the configuration profile.

TACACS+ AVPs order could prevent sending some AVPs even if those are set as mandatory.