
CLI Reference

saml


Use this command to configure global settings for SAML authentication.

Syntax

config system saml
    set cert <certificate>
    set default-profile <string>
    set idp-cert <string>
    set idp-entity-id <string>
    set idp-single-logout-url <string>
    set idp-single-sign-on-url <string>
    set login-auto-redirect {enable | disable}
    set role {IDP | SP}
    set server-address <string>
    set status {enable | disable}
    config service-providers
        edit <name>
            set prefix <string>
            set sp-cert <string>
            set sp-entity-id <string>
            set sp-single-logout-url <string>
            set sp-single-sign-on-url <string>
        next
    end
end

Variable                                  Description

cert <certificate>                        The certificate name.
default-profile <string>                  The default profile (default = Restricted_User).
idp-cert <string>                         The IDP certificate name.
idp-entity-id <string>                    The IDP entity ID.
idp-single-logout-url <string>            The IDP single logout URL.
idp-single-sign-on-url <string>           The IDP single sign-on URL.
login-auto-redirect {enable | disable}    Enable/disable automatic redirect to the IDP login page (default = disable).
role {IDP | SP}                           The SAML role:
                                            • IDP: Identity provider
                                            • SP: Service Provider (default)
server-address <string>                   The server address.
status {enable | disable}                 Enable/disable SAML authentication (default = disable).

Variables for config service-providers subcommand:

This command is only available when role is IDP.

<name>                                    Service provider name.
prefix <string>                           The prefix. Can contain only letters and numbers.
sp-cert <string>                          The SP certificate name.
sp-entity-id <string>                     The SP entity ID.
sp-single-logout-url <string>             The SP single logout URL.
sp-single-sign-on-url <string>            The SP single sign-on URL.

To view the service provider IdP information, use the following commands:

config system saml
    config service-providers
        edit <name>
            get

Output:

name : name
prefix : y9jr06vq0k
sp-cert : (null)
sp-entity-id : http://https://172.27.2.225//metadata/
sp-single-sign-on-url: https://https://172.27.2.225//saml/?acs
sp-single-logout-url: https://https://172.27.2.225//saml/?sls
idp-entity-id : http://172.27.2.225/saml-idp/y9jr06vq0k/metadata/
idp-single-sign-on-url: https://172.27.2.225/saml-idp/y9jr06vq0k/login/
idp-single-logout-url: https://172.27.2.225/saml-idp/y9jr06vq0k/logout/
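
As an added example (not Fortinet's code), the following Python script parses the get output shown above and flags settings worth reviewing: an unset sp-cert, a prefix that breaks the letters-and-numbers rule, URLs with a doubled scheme like those in the sample, and single sign-on or logout endpoints that are not HTTPS. The one-field-per-line layout, the function names and the choice of checks are assumptions.

```python
import re
from urllib.parse import urlsplit

# Sample `get` output copied from the page; one field per line is an assumed layout.
SAMPLE = """\
name : name
prefix : y9jr06vq0k
sp-cert : (null)
sp-entity-id : http://https://172.27.2.225//metadata/
sp-single-sign-on-url: https://https://172.27.2.225//saml/?acs
sp-single-logout-url: https://https://172.27.2.225//saml/?sls
idp-entity-id : http://172.27.2.225/saml-idp/y9jr06vq0k/metadata/
idp-single-sign-on-url: https://172.27.2.225/saml-idp/y9jr06vq0k/login/
idp-single-logout-url: https://172.27.2.225/saml-idp/y9jr06vq0k/logout/
"""

ENDPOINT_KEYS = ("sp-single-sign-on-url", "sp-single-logout-url",
                 "idp-single-sign-on-url", "idp-single-logout-url")

def parse_get_output(text):
    """Split 'key : value' lines on the first colon only (values contain colons)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def audit_sp_entry(fields):
    """Return (field, issue) findings for one service-provider entry."""
    findings = []
    if fields.get("sp-cert", "(null)") in ("", "(null)"):
        findings.append(("sp-cert", "no SP certificate set"))
    if not re.fullmatch(r"[A-Za-z0-9]+", fields.get("prefix", "")):
        findings.append(("prefix", "must contain only letters and numbers"))
    for key, value in fields.items():
        if not key.endswith(("-url", "-entity-id")):
            continue
        # A second scheme inside the value makes "https" the host part of the URL.
        if re.match(r"https?://https?:", value, re.I):
            findings.append((key, "doubled URL scheme"))
        elif key in ENDPOINT_KEYS and urlsplit(value).scheme != "https":
            findings.append((key, "endpoint is not HTTPS"))
    return findings

if __name__ == "__main__":
    for field, issue in audit_sp_entry(parse_get_output(SAMPLE)):
        print(f"{field}: {issue}")
```

Entity IDs are checked only for the doubled scheme, since they are identifiers rather than endpoints.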
