Upgrading FortiAuthenticator in HA-LB removes the MAC-address records form the LB node.

FortiAuthenticator drops FSSO events with work queue full, dropping logon error.

Heavy FSSO-linked DNS traffic could result in the loss of HA heartbeats.

FortiAuthenticator only sends accounting responses in random bursts with huge delays.

Import hard token through the serial number file, status Missing seed.

Non-admin SAML FIDO authentication ends with error 500.

FortiAuthenticator is not sending the userip to the Syslog server when using RADIUS authentication

FortiAuthenticator leaves the token in assigned status with no user when syncing a new token assignment from LDAP.

Syslog over TLS enabled offers TLS 1.0 and TLS 1.1 on port 6514.

Unable to add longer mobile phone numbers for certain country codes.

FortiAuthenticator issues with UserPrincipalName (UPN) and tokens.

Self-service portal password change fails for remote LDAP users.

Push authentication does not work on the Windows Agent when using FortiTrust Identity.

The GUI is slow when attempting to access the self-service portal or the legacy portal.

radiusd appears to be stale with unfinished request in component authenticate module facauth that matches no Access-request ID.

FortiAuthenticator allows and forwards TS-Agent and DC-Agent login for the same IP address.

Internal Server Error (Disk full) on the users certificate GUI with 50K+ certificates.

REST API does not return company and department fields for local users.

Sync rule with any OTP method including None generates excessive logs.

DC agent debug logging responsible for excessive disk I/O when polling 25 event log sources.

Subject NameID under Assertion Attribute not defaulting to username.

SMS gateway with HTTP GET method sends HTTP parameters in incorrect order.

RADIUS crashes when the admin logs in after upgrading to 6.4.1.

Upgrade to 6.5.3 fails and leaves FortiAuthenticator unusable.

LDAP group filter query fails when 3 CN is chosen.

CSV Mac device import fails due to MAC address wildcard formatting. Previously, resolved in 0665381.

FortiAuthenticator keep sending non-stop traffic to ftc.fortinet.com.

GUI not showing groups when trying to import user by group membership attribute from the OpenLDAP server.

Certificate renewal failure after revocation.

Unable to change Fortinet logo on one of the replacement messages.

Dynamic RADIUS attribute feature should work for an AD user.

Using special character in the Service Provider settings breaks SAML with 403 error.

Windows AD SSO domains randomly disconnected from FortiAuthenticator (when polling dozens).

Unable to redirect to a page after successful kerberos authentication - unsafe-eval error.

Issues when moving users from column Available Users to Chosen Users.

SAML stops working with error 500 due to captcha errors.

Unable to create multiple realms with the same remote SAML server.

GUI admin access permissions are ignored for D/E models in v6.5.

Issue running internal PKI for automatic certificate enrollment..

Disable ssh-rsa from the SSH server host-key algorithm.

Authentication fails when the remote LDAP username attribute is UPN and the user input is set to realm\username or realm/username.

6.6.0 radiusd database connection leak in ldap/upn-related code path leads to complete authentication failure.

500 Internal server error when trying to download a smart connect profile when using 2FA.

Improve SSO user group membership configuration section.

Add more built-in tiles for SAML IdP-initiated portal.

FortiAuthenticator web server stops accepting requests until reboot /wad restarts - no worker is active.

REST API - RuntimeError on localgroup-memberships post.

Expired OAuth tokens are never purged.

Post request will cause CSRF validation error if the URL contains port number other than 80 or 443.

Change in FortiToken Cloud 'balance' API broke inventory widget.

ftcd/pushd should close http_request explicitly.

wad/pg_client initiated query is active on the postgres side despite already being finished.

Fido OAuth authentication flow is broken.

Incorrect password with PCI mode enabled results in 500 error.

SAML captcha fails during upgrade if the template is modified.

New style for the tabs in list pages.

New menu structure for FSSO.

Filter box is hidden behind change list.

It takes around 10 seconds to create or migrate IAM user on any account.

SAML IdP losing RelayState after a failed IAM login attempt.

In the session expired token page entering wrong token does not redirect to the Login page.

Instruction link for installing FortiToken Mobile application is blocked on the self-service portal.

We can access SAML IdP initiated URL on a FortiAuthenticator using a server address that is not the FQDN or the IP address.

500 error for a remote user on the SAML portal with both FIDO and FortiToken Mobile/FortiToken Cloud token.

GUI crashes when creating a usage profile.

Coordinated upgrade from build 0073 (6.0.8) GA to 1349 results in errors in the HA cluster mode.

500 error when re-enabling a disabled local user with Account Expiration enabled.

Custom user fields in user portal settings gives 403 error when editing it.

Remote LDAP user should be denied in RADIUS if user has not been imported.

Test token with email/SMS not working due to CSP error.

Rest API patch method for local users fails with company, department field error.

500 Internal server error on SAML when authenticating with SAML with captcha enabled.

Fixed grammatical issue when rebooting the FortiAuthenticator-VM with updated license.

Error dump empty on 500 internal server error.

Unable to trigger FortiToken auto push with IPSec ikev2 using FortiAuthenticator as RADIUS server.

GUI issue in the HA Status page when HA is not configured.

After clicking Save, the message overlaps the title on the Accounting Proxy General page.

Header is missing if accessing a page by URL directly.

OAuth login with two factor authentication fails to login.

Wrong client IPv4 attribute for Fortinet SSO Methods > SSO > RADIUS Accounting Sources.

FortiAuthenticator unable to return more than 100 groups from the Azure AD when using SSOMA.

Issue authenticating IPsecVPN IKEv2 EAP (MSCHAPv2) to FortiAuthenticator + remote RADIUS server.

SmartConnect profile user certificate not containing the correct UPN.

If a user logs in to FortiAuthenticator first, then logs in to the OAuth application, the user will be logged in with the FortiAuthenticator login session.

Create new log events for RADIUS accounting start/stop messages.

Internal error 500 when trying to visualize the remote TACAC+ users.

IdP Initiated dasboard does not display the tile images if FortiAuthenticator is IdP proxy.