Revoked certificates still count against FortiAuthenticator license counts.

secp256r1 (Elliptic Curve / EC) HTTPS certificate not allowing TLS1_2.

After a reboot, FortiAuthenticator shows 500 Internal Server Error when synchronizing hardware Tokens.

OAuth authentication fails when user is administrator on FortiAuthenticator.

FortiAuthenticator remote user sync rules - Set Group Filter not working if OU has special characters in name, e.g., ( , ) , +.

FortiAuthenticator does not properly revoke a user certificate.

SNMP v3 with non-ENG letter pass gives authentication failed.

Issues accessing FortiAuthenticator via DNAT-ed IP address.

Radius Attributes option is not visible under local users when logged in with a user having full access set in admin profile.

In a captive portal, clicking Register then Cancel gives error 404.

Usability of User Group GUI.

Unable to delete a user group.

SAML logout returns Internal Server Error.

Self-service portal password change fails for remote LDAP users if UPN format is used.

FortiAuthenticator does not show the list of local users correctly after upgrading to 6.5.0.

Incorrect warning message when deleting a remote user sync rule.

Local services cannot use a certificate with >97 character subject length.

Local users view does not display the complete group name.

HA Cluster not forming due to differing smartconnect primary key name (upgrade path mismatch, but should work).

Unable to import 10k plus groups from Azure via SAML in FortiAuthenticator.

In FortiAuthenticator CLI, a user can change DNS addresses even if we assign No-Access/Read-only admin profile.

FortiAuthenticator radiusd crashes with complete authentication failure seen with certain high volume EAP traffic patterns.

Windows log events in FSSO are dropping after some time.

FortiAuthenticator unable to decode assertion after upgrading to 6.5.0.

Unable to provision FortiToken Mobiles on FortiAuthenticator 200E/400E/3000E in 6.5.0/6.5.1.

It takes a long time for FortiAuthenticator to reflect active certificates in the GUI after successful SCEP enrollment request.

Windows and OWA Agent stopped working after upgrade to 6.5.0.

FortiAuthenticator GUI/captive portal access freezes/become unresponsive during peak hours.

403 Forbidden error while doing SAML authentication after OAuth succeeds.

WAD-enforced admin/service access rules: Admin access does not apply to the HA admin interface.

Certificate GUI filter by status times out when there are thousands of revoked certificates.

The copy button does not work on the 500 error page.

Device reboots before configuration backup finishes downloading the firmware upgrade.

Unable to export guest users in Firefox.

GUI crashes when you click Create New in the Services tab in Authentication >TACACS+ Service > Authorization.

Use proper and consistent casing for OAuth.

LDAP user profile view in the self-service portal is broken.

Exception in the Result window in Self-service > Password Change.

LDAP user import uses server IP from DB despite browser using/showing unsaved one.

Javascript errors being thrown by all(?) search filters.

Unable to use FortiAuthenticator images in System replacement messages.

SAML sync rule groups input should be disabled when no server is selected.

REST API /api/v1/tacpluspolicyclient/ endpoint does not recognize policy_name or client_name parameters.

WAD-enforced admin/service access rules stop applying when the interface IP address is changed.

Rebooting cluster passive node breaks application of new settings if the role remains unchanged.

CLI pre-authentication warning is not applied when the setting is only toggled on.

Note: Toggling off works. Changing the warning message may make the CLI pre-authentication warnings to work.

WAD-enforced admin/service access rule only applies to the first four interfaces; rest still enforced in Python.

FortiNAC can overwhelm FortiAuthenticator with many TACACS+ logins on the same service account.

Read-only profile page does not show the correct information.

Return proper responses to HTTP OPTIONS requests.

[3^rd party component upgrade required for security reasons] FortiAuthenticator - django to 3.2.18 or 4.0.10.

[3^rd party component upgrade required for security reasons] FortiAuthenticator - curl to 8.0.1.

GUI crash in OAuth authorization when no scope is provided to FortiAuthenticator.

Failed FIDO token authentication and reauthentication FIDO token using SP SAML portal causes error occurred.

Clicking Enter during verification field on Account Registration resends the code rather than submitting the code.

The inbound proxy feature does not work when Get proxy IP from FORWARDED HTTP header is enabled.

No error message reported when LDAP password reset via email/security question is rejected by the remote LDAP server.

Remote LDAP user unable to use Smart Connect.

/api/v1/oauth/verify_token/ request fails for the remote LDAP admin user.

Upgrading the HA cluster from 6.4.7 GA to latest 6.5.2 build (1315) causes FortiToken Cloud license error in the License widget.

403 error when trying to do SAML logout with Use ACS URL from SP authentication request enabled.

Multiple TACACS+ authentications within a few seconds result in error if the user contains a rule.

IP lockout not being logged in on FortiAuthenticator logs.

FortiAuthenticator should not send out authentication requests for disabled TACACS+ users.

RADIUS attribute name should be only unique within the dictionary, not across all dictionaries.

TACACS+ failed authentications not counting towards IP lockouts.

Deleting an OAuth portal triggers 500 Error.

400 error when using LDAP custom attribute in the SAML SP initiated login.

Unable to view supported methods and available fields using /schema at the end of the endpoint.

User lookup never displays the first few users.

Inbound proxy settings - GUI allows submitting duplicate values in FORWARDED by values.

Group membership text is misaligned when there are large number of groups in the SAML session.

TACACS+ attribute value pair for authorization services shows undefined entries.

If the user has only an email token for it's second factor authentication, and the portal has Allow users to temporarily use email token authentication if an email was pre-configured enabled under Fortitoken Revocation, the user should not be able to use Switch to email token authentication.

SAML IdP IAM button should not be displayed if the SAML IdP portal is disabled.

FortiAuthenticator Remote user sync rules - Test filter not working if OU has special characters in name, e.g., ( , ) , +.

Deprovisioning FortiToken Cloud token causes WAD_12 (ftcd crash.

In SAML IdP and SP login portals, specifying a realm that does not exist triggers 500 error.

Unable to reset password for remote user on self-service/captive portal.

FortiAuthenticator as SAML IdP not returning remote LDAP groups in SAML assertions.

SAML IdP Login Success Page: last login information not shown when the previous IdP session was cleared.

Recovery password and recovery token fails to send alternative email address.

FortiToken Cloud status should show service unreachable when unable to reach the ForitToken Cloud server.