Fortinet / SAML support for Windows
Daniel Lenski
dlenski at gmail.com
Fri Oct 6 20:49:00 PDT 2023
On Thu, Sep 28, 2023 at 3:06 AM julio toribio <juliothebatery at gmail.com> wrote:
>
> I'm using Windows and trying to connect to a VPN (Fortinet) but by
> default SAML is used to authenticate. When we hit connect in
> FortiClient, a web browser is launched, we authenticate in i.e.
> Microsoft, then FortiClient is connected.
> I saw the option --external-browser=BROWSER but openconnect complains
> with "openconnect.exe: unknown option -- external-browser"
> I tried replacing the "=" with an empty space (--external-browser
> "C:\P...") but still the same result.
> Am I missing something?

The short answer here is that OpenConnect does not yet have any
support for SAML-based authentication using an external browser **with
the Fortinet protocol**.

See a related issue on GitLab:
https://gitlab.com/openconnect/openconnect/-/issues/?state=all&label_name%5B%5D=protocol%3A%3AFortinet&label_name%5B%5D=External%20Auth%2FSAML%2FSSO

As far as I know, none of the main OpenConnect developers have any
access to a Fortinet VPN that uses SAML, so without a lot more details
about *how* Fortinet does this SAML authentication (see
https://gitlab.com/openconnect/openconnect/-/issues/356#note_912401634),
it will not happen.

As ever, more details on how it works (especially in the form of a
merge request with working code :-)) would be welcome!