Introduction
The purpose of this guide is to assist in troubleshooting the Authentication setup in the Fortinet Security Awareness and Training Service. To follow these steps, you will need access to the Google Chrome browser on a test machine. You will also need to download and install the SAML-tracer extension.
Downloading SAML-tracer
You can search for SAML-tracer using your Chrome browser, or visit this site: https://chromewebstore.google.com/detail/saml-tracer/mpdajninpobndbfcldcmbpnnbhibjmch
Installing SAML-tracer
1) After accessing the SAML-tracer download page, select the Add to Chrome button:
2) When prompted, select the Add extension button:
Configuring SAML-tracer
1) Click the extensions icon (puzzle piece located next to your avatar in the upper right corner), then select the more options (three dots) next to the extension and select Manage extension:
2) Ensure the On option button is selected, the Site access setting is set to On all sites and that the Allow in Incognito option button is enabled:
Verifying the Authentication (SAML2 / SSO) Configuration:
1) Open a Chrome New Incognito window by right-clicking on the Google icon in the system tray (or from the .exe file):
2) Select the extensions button (puzzle piece) next to the avatar in the upper right corner, then select the SAML-tracer plugin:
The SAML-tracer window should open:
3) Select the Pause button, then select the Clear button to stop capture and clear the logs.
4) Enter your primary domain URL in the browser. You should be redirected to your configured single sign-on page.
5) Un-pause the SAML-tracer capture by deselecting the Pause button.
6) Enter your email:
7) When prompted, enter your password.
8) Wait for the login to fail with an error.
9) Select the Pause button in the SAML-tracer logs window.
10) Locate the POST entry marked with the SAML icon, then select the SAML tab from the lower window:
11) Verify that the SAML2 attribute names match the configuration settings from the Authentication tab exactly: there are no leading or trailing spaces, the case matches, and underscores are present. From the above screenshot, we can verify that these are accurate:
12) Verify that the SAML2 attributes being returned carry the correct values (i.e. the email is passed for the Username and Email attributes, and the first and last name attribute values match those in your single sign-on repository).
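Steps 11 and 12 can also be checked mechanically. The Python script below is an added example, not part of the original article or a Fortinet tool: it reads the decoded response XML as shown on the SAML tab and reports attribute names that differ from the configured ones by spacing, case or underscores. The names in EXPECTED and the sample response are constructed assumptions; replace them with the names from your Authentication tab.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed names: replace with the exact names from your Authentication tab.
EXPECTED = ["username", "email", "first_name", "last_name"]

# Constructed sample of the XML shown on the SAML tab (not a real capture).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Assertion><saml:AttributeStatement>
  <saml:Attribute Name="username"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="Email"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="first_name "><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="lastname"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""

def read_attributes(xml_text):
    """Return {attribute name exactly as sent: [values]}."""
    root = ET.fromstring(xml_text)
    return {a.get("Name", ""): [v.text or "" for v in a.iterfind("saml:AttributeValue", NS)]
            for a in root.iterfind(".//saml:Attribute", NS)}

def loose(name):  # fold away the differences step 11 warns about
    return name.strip().lower().replace("_", "")

def check_attributes(xml_text, expected=EXPECTED):
    """Return one finding per expected attribute that is wrong; [] means all match."""
    sent = read_attributes(xml_text)
    findings = []
    for want in expected:
        if want in sent:  # exact match on the name; step 12: value must not be blank
            if not any(v.strip() for v in sent[want]):
                findings.append(f"{want}: name matches but value is empty")
            continue
        near = [n for n in sent if loose(n) == loose(want)]
        if not near:
            findings.append(f"{want}: not present in the response")
        elif near[0] != near[0].strip():
            findings.append(f"{want}: sent as {near[0]!r} (leading or trailing space)")
        elif near[0].lower() == want.lower():
            findings.append(f"{want}: sent as {near[0]!r} (case differs)")
        else:
            findings.append(f"{want}: sent as {near[0]!r} (underscore differs)")
    return findings

if __name__ == "__main__":
    print("\n".join(check_attributes(SAMPLE)) or "all attribute names match")
```

To check your own capture, save the XML from the SAML tab to a file and pass its contents to check_attributes in place of SAMPLE.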
If you are still having issues, please open a support ticket by sending an email to [email protected]