SSOMA configuration: Misleading error message.

Support TLS 1.3 in RADIUS EAP-TLS.

Support TLS 1.3 in curl / libcurl.

Error when trying to import users from FortiGate configuration to FortiAuthenticator v6.4.

Power supplies show voltage input fault on both CLI and GUI.

Incorrect Italian translation of the Next button displayed on the reset password page.

[FortiAuthenticator 400E] help check the reason of FortiAuthenticator 400E auto rebooting.

Token bypass not working for FIDO enabled self-service portal.

Wrong client IPv4 attribute for Fortinet SSO Methods > SSO > RADIUS Accounting Sources.

Upgrading FortiAuthenticator in HA-LB removed the MAC-address records form the LB node.

In the session expired token page entering wrong token does not redirect to Login page.

Heavy FSSO-linked DNS traffic could result in the loss of HA heartbeats.

FortiAuthenticator SSO database is not updating on time when domain users switch from wireless to wired or vice-versa.

Realm authentication performance regression with KVM FortiAuthenticator.

FortiAuthenticator ignores the groups filtering rules and send all SSO groups to FortiGate if FortiGate is configured with FQDN.

Selecting the cloud option for group membership on SAML SP displays 500 error if we do not select an OAuth server.

SAML: Launching SP-initiated SAML session for a user with FIDO AUTH produces server errors.

Admin password recheck popup should have a cancel button.

Request FortiAuthenticator with CA only to support future new FortiGate with CA2 only.

SAML token-only login displays password page instead of the token page.

User lookup does not display token information with view-only admin profiles.

Add warnings, logs, and SNMP traps on LB HA failures.

Certificate only smart connect in iOS does not work.

TACACS+ remote users are not being displayed in User Lookup.

Instruction link for installing FortiToken Mobile application is blocked on the self-service portal.

HA status table header giving JavaScript errors when we clicked on.

CRL download URL over http is not available.

Improve performance in SAML login GET request.

We can access SAML IdP initiated URL on a FortiAuthenticator using a server address that is not the FQDN or IP.

When timezone = GMT, London, user audit report download fails with internal server error 500.

FortiAuthenticator does not properly revoke a user certificate.

Number of Users for the MAC device group is always zero.

HA LB anomaly for the MAC device group membership upon connection.

Refresh button for widgets gets grayed out for a while after clicking on it.

Import hard token through the serial number file, status Missing seed.

Next button to trigger FIDO authentication should be disabled when FIDO authentication is in progress.

The self-service portal password change error is displayed in two places.

Proper fix strong crypto configuration in WAD.

Remove Certificate authority type and CA certificate that issued the server certificate from Web/LDAP server configuration page.

Self-device enrollment is broken for FortiToken 300.

Non-admin SAML FIDO authentication ends with error 500.

FortiAuthenticator is not sending the userip to the Syslog server when using RADIUS authentication.

Add more built-in tiles for SAML IdP-initiated portal.

Some of the users logged in MAC devices are unable to get user sessions listed on FortiAuthenticator.

Requiring a password recheck should be necessary when adding a FIDO key to the Admin user.

Oauth relying parties should have unique name constraints.

Unable to scroll User Registration Replacement Messages page.

We should not be able to save Smart connect profiles if EAP type has not been selected.

406 error when prompted for the Admin password.

RADIUS policies matching attributes configuration should not be limited to two.

500 error for a remote user on the SAML portal with both FIDO and FortiToken Mobile/FortiToken Cloud token.

FortiAuthenticator unable to return more than 100 groups from the Azure AD when using SSOMA.

GUI crashes when creating a usage profile.

FortiAuthenticator base distinguished name- Click on the browser displayed error code if OU has special characters in the name, e.g., ( ? ) , +.

FortiToken sync issue after upgrading from a previous GA build.

The User Lookup feature displays only the most recent session for active RADIUS sessions.

When attempting to revoke a server certificate, the Certificates field is empty.

Issue authenticating IPsecVPN IKEv2 EAP (MSCHAPv2) to FortiAuthenticator + remote RADIUS server.

Incorrect message on landing page for No-Access-Admin login.

radiusd cannot handle two parallel authentication sessions and removes partially authenticated user when second attempt comes.

Syslog over TLS enabled offers TLS 1.0 and TLS 1.1 on port 6514.

Unable to add longer mobile phone numbers for certain country codes.

FortiAuthenticator issues with UserPrincipalName (UPN) and tokens.

Self-service portal password change fails for remote LDAP users.

Typo: Fix typo when deleting FortiToken mobile.

HA cluster fails to provision FortiToken Mobile tokens on the primary after a failover.

Push authentication does not work on the Windows Agent when using FortiTrust Identity.

Coordinated upgrade from build 0073 (6.0.8) GA to 1349 results in errors in the HA cluster mode.

CRL automatic download failed using https.

radiusd appears to be stale with unfinished request in component authenticate module facauth that matches no Access-request ID.

FAC2KE PSU monitor widget does not accurately reflect the actual statuses of the PSUs on the device.

REST API - RuntimeError on localgroup-memberships post.

FortiAuthenticator allows and forwards TS-Agent and DC-Agent login for the same IP address.

SmartConnect profile user certificate not containing the correct UPN.

500 error when re-enabling a disabled local user with Account Expiration enabled.

Internal Server Error (Disk full) on the users certificate GUI with 50K+ certificates.

Language changes in LEGACY self-service portal when an admin is connected affect admin GUI language.

Auto-redirect to the trusted endpoint SSO URL.

REST API does not return company and department fields for local users.

Sync rule with any OTP method including None generates excessive logs.

Custom user fields in user portal settings gives 403 error when editing it.

Subject NameID under Assertion Attribute not defaulting to username.

If a user logs in to FortiAuthenticator first, then logs in to the OAuth application, the user will be logged in with the FortiAuthenticator login session.

/api throws 500 internal server error after login, it should not be an unhandled exception.

FortiAuthenticator - FortiOS/FortiProxy - Proxy mode with deep inspection - Stack buffer overflow.

Create new log events for RADIUS accounting start/stop messages.

Adding TACACS+ clients from a csv file allows to enter an incorrect IP address format string instead of the address type.

Syslog FSSO - Parse for multiple IPv4 and IPv6 addresses.

FortiAuthenticator HSTS settings are not applied to the facwad webserver.

Post request will cause CSRF validation error if the URL contains port number other than 80 or 443.

Eliminate telnetd from FortiAuthenticator.

SAML SP FIDO OTP fallback using Azure IdP proxy with an imported remote SAML Azure with token fails.

Improper requests to /admin/customviews/guestportaltemplate/editor/generates server errors.

Upgrade to 6.5.3 fails and leaves FortiAuthenticator unusable.

LDAP group filter query fails when 3 CN is chosen.

Remote LDAP user should be denied in RADIUS if user has not been imported.

CSV Mac device import fails due to MAC address wildcard formatting. Previously, resolved in 0665381.

Change in FortiToken Cloud 'balance' API broke inventory widget.

FortiAuthenticator keep sending non-stop traffic to ftc.fortinet.com.

OAuth portal is optional.

Creating users using the localuser endpoint fails.

FortiToken hardware token is not assigned to the imported users if None is not selected in the sync rule.

GUI not showing groups when trying to import user by group membership attribute from the OpenLDAP server.

Certificate renewal failure after revocation.

Close all of the FortiAuthenticator service ports by default.

Unable to change Fortinet logo on one of the replacement messages.

Avoid sharing the database session across different HTTP requests.

Test token with email/SMS not working due to CSP error.

Internal error 500 when trying to visualize the remote TACAC+ users.

Dynamic RADIUS attribute feature should work for an AD user.

ftcd/pushd should close http_request explicitly.

Using special character in the Service Provider settings breaks SAML with 403 error.

Windows AD SSO domains randomly disconnected from FortiAuthenticator(when polling dozens).

Unable to redirect to a page after successful kerberos authentication - unsafe-eval error.

Trusted CA deletion does not generate a log message.

Restoring encrypted configuration with wrong password gives not a gzip file error.

Issues when moving users from column Available Users to Chosen Users.

wad pg_client crashes due to use-after-free error.

Allow changing access rights in the FortiAuthenticator Cloud mode.

Translation error in OAuth Service > General > JWT private key.

It takes around 10 seconds to create or migrate IAM user on any account.

Do not display firmware certificates as options for CA certificate when FortiAuthenticator is in HA LB mode.

SAML stops working with error 500 due to captcha errors.

Internal server error 500 when viewing RADIUS Accounting Sessions in Monitor section.

Unable to create multiple realms with the same remote SAML server.

500 Internal server error on SAML when authenticating with SAML with captcha enabled.

Admin login with FortiToken Mobile/Cloud push failure with an empty field.

Windows agent authentication using FortiToken Cloud with Email and SMS delivery option fails.

Unable to configure the fourth and the last realm in Authentication > SAML IdP > General.

SAML trusted endpoint FSSO return internal error 500.

wad/pg_client initiated query is active on the postgres side despite already being finished.

Fido OAuth authentication flow is broken.

Incorrect password with PCI mode enabled results in 500 error.

Enable HSTS by default.