Fortinet / SAML support for Windows

Daniel Lenski dlenski at
Fri Oct 6 20:49:00 PDT 2023

On Thu, Sep 28, 2023 at 3:06 AM julio toribio <juliothebatery at> wrote:
> I'm using Windows and trying to connect to a VPN(Fortinet) but by
> default SAML is used to authenticate. When we hit connect in
> Forticlient, a web browser is launched, we authenticate in i.e
> Microsoft, then Forticlient is connected.

> I saw the option --external-browser=BROWSER but openconnects complains
> with "openconnect.exe: unknown option -- external-browser"
> I tried  replacing the "=" for an empty space (--external-browser
> "C:\P...") but still the same result.

> I'm I missing something?

The short answer here is that OpenConnect does not yet have any
support for SAML-based authentication using an external browser **with
the Fortinet protocol**.

See a related issue on GitLab:

As far as I know, none of the main OpenConnect developers have any
access to a Fortinet VPN that uses SAML, so without a lot more details
about *how* Fortinet does this SAML authentication (see,
it will not happen.

As ever, more details on how it works (especially in the form of a
merge request with working code :-)) would be welcome!

More information about the openconnect-devel mailing list