Administration Guide

SAML

Security Assertion Markup Language (SAML) is an XML-based, open-standard data format for exchanging authentication and authorization data between two security domains: an Identity Provider (IdP) and a Service Provider (SP). The FortiProxy unit supports the SAML protocol and will act as a Service Provider.

In SAML-SP authentication, the FortiProxy unit redirects unauthenticated users to the IdP (FortiAuthenticator, Okta Identity, Microsoft ADFS, or similar) for authentication. After the user is authenticated by the IdP, the user is redirected back to the FortiProxy unit with the SAML assertion delivered using the POST method. The assertion carries the authentication result, the user name, and the group as attribute assertions (called claims in ADFS terminology). Based on that information, the FortiProxy unit performs both authentication and authorization (matching the user to the group). If the IdP is Microsoft ADFS, the FortiProxy unit can also resolve the user's group information through an LDAP query using Kerberos or NTLM authentication.
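As an added example that is not part of this guide or of FortiProxy's own code, the following Python sketch shows the SP-side checks that follow the POST described above: confirm the IdP status, check the assertion's validity window and audience against the SP Entity ID, then read the user and group attributes by the configured User Claim Type and Group Claim Type (ADFS-style claim URIs here) and authorize by group membership. The SP entity ID, claim URIs, allowed group and the sample response are all constructed values; verification of the XML signature is assumed to have already passed before this step.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Hypothetical SP settings mirroring the Entity ID, User Claim Type and Group Claim Type fields.
SP_ENTITY_ID = "https://fortiproxy.example.com/saml/metadata"
USER_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
GROUP_CLAIM = "http://schemas.xmlsoap.org/claims/Group"
ALLOWED_GROUPS = {"proxy-users"}
# Constructed sample IdP response; its XML signature is assumed to be verified before this step.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://fortiproxy.example.com/saml/metadata</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
        <saml:AttributeValue>proxy-users</saml:AttributeValue>
        <saml:AttributeValue>staff</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

_ts = lambda s: datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def evaluate_response(xml_text, now, sp_entity_id=SP_ENTITY_ID, user_claim=USER_CLAIM,
                      group_claim=GROUP_CLAIM, allowed_groups=ALLOWED_GROUPS):
    # Returns (user, groups) when every check passes; raises ValueError otherwise.
    root = ET.fromstring(xml_text)
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("IdP did not report a successful authentication")
    assertion = root.find("saml:Assertion", NS)
    cond = assertion.find("saml:Conditions", NS)
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    if sp_entity_id not in [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        raise ValueError("assertion not issued for this SP Entity ID")
    # Collect attributes by claim name; a claim may carry several values (for example, several groups).
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    users = attrs.get(user_claim, [])
    if len(users) != 1:
        raise ValueError("user claim missing or ambiguous")
    groups = set(attrs.get(group_claim, []))
    if not groups & allowed_groups:
        raise ValueError("authenticated, but not a member of any authorized group")
    return users[0], groups  # authentication and authorization both passed
```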

To manage SAML servers, go to User & Authentication > SAML.

Hover over the leftmost edge of the column heading to display the Configure Table icon, which you can use to select the columns to display or to reset all the columns to their default settings. You can also drag column headings to change their order.

The following options are available:

Create New: Create a SAML server. See Create or edit a SAML server.
Edit: Modify a SAML server. See Create or edit a SAML server.
Delete: Remove a server or servers.
Name: The name that identifies the SAML server on the Fortinet unit.
Entity ID: The SP entity identifier.
Single Sign On URL: The SP single sign-on URL.
Ref.: The number of times the object is referenced by other objects. To view where the object is referenced, select the number in Ref.; the Object Usage window opens and lists the locations that reference the object.
ADFS Claim: Enable or disable the ADFS claim for the user and group attributes in the assertion statement.
digest-method: The algorithm used for the digest method.
Group Claim Type: The group claim in the assertion statement.
Group Name: The group name in the assertion statement.
IDP Entity ID: The IdP entity identifier.
IDP Single Logout URL: The IdP single logout URL.
IDP Single Sign On URL: The IdP single sign-on URL.
Single Logout URL: The SP single logout URL.
User Claim Type: The user name claim in the assertion statement.
User Name: The user name in the assertion statement.