Resolved issues
The resolved issues listed below may not list every bug that has been corrected with this release. For inquiries about a particular bug, please visit the Fortinet Support website.
| Bug ID | Description |
|---|---|
| 527119 | OCSP shows incorrect certificate status. |
| 537510 | Increase the VM_Base certificate table size. |
| 537413 | The DH parameters are not updated when upgrading firmware to version 5.4 or higher. |
| 528680 | Guest portals created from the migration of the legacy MAC address captive portal do not preserve the disclaimer setting. |
| 526455 | FortiToken Mobile transfer email message displays an incorrect expiration time. |
| 526820 | Push notifications aren't sent out to remote users when another user with the same username (but different realm) is present. |
| 528211 | SYSLOG SSO stops working after upgrade to firmware version 5.5.0. |
| 529463 | FortiAuthenticator randomly drops all FSSOMA sessions. |
| 537945 | Support multiple username attributes in FSSO LDAP user lookup when multiple remote LDAP servers in the same domain are configured. |
| 517959 | Duplicate DCs appear under domain in FSSO if FQDN is configured in LDAP. |
| 526095 | SAML authentication fails when signing the service provider request with a local certificate. |
| 506294 | FortiAuthenticator truncates SSO groups in long SAML attributes resulting in log on failures. |
| 525263 | SAML SP using Azure does not work. |
| 535754 | Username case sensitivity is removed from RADIUS authentication, but not from FSSO. |
| 532689 | FortiAuthenticator FSSO usernames containing spaces are ignored in event polling. |
| 503366 | Monitor SSO Domains shows a domain controller as red on HA Master and green on HA backup. |
| 520572 | When the pre-login disclaimer is enabled, the FSSO login widget requires two clicks instead of one. |
| 527359 | Unable to send randomly generated passwords via SMS when admin approval is required. |
| 532079 | Guest Portal-triggered RADIUS authentication follow-up does not include group-name VSA in Access-Accept on first attempt. |
| 535038 | Radius group-name attribute is not sent to the FortiGate during initial authentication of social user causing authentication to fail. |
| 532016 | Unable to import SSO users with a DN longer than 255 characters. |
| 509121 | FSSO Logged-in users shows "N/A" in the User Inventory widget when there are users logged into the system. |
| 538546 | Error occurs when switching a local user from Sponsor to Admin. |
| 534736 | LDAP query fails if the query string contains non-ascii characters. |
| 534347 | Creating or importing Mac devices with names containing non-ascii characters causes a server crash. |
| 532894 | Registration is misspelled 'Registeration' on the self-registration page. |
| 526637 | When changing user type to admin, 'Allow Radius Auth' option should automatically be deselected. |
| 519150 | Spaces preceding and following the SAML IdP server address and service provider settings fields should automatically be removed. |
| 512109 | When setting up SAML IdP, selecting a third-party server certificate that is still in a pending state causes a server crash. |
| 511667 | The Change Password page does not have a Cancel button. |
| 455084 | The Debug Page for Radius Accounting crashes when displaying logs with non-utf-8 characters. |
| 515429 | An error can cause loss of access to the FortiAuthenticator GUI. |
| 516167 | An admin profile with "read-only" permissions for the SSO Monitor can log off authenticated users. |
| 538016 | Unable to assign a FortiToken to another user if the user has been already deleted on FortiAuthenticator. |
| 504695 | When exporting a guest user with the Print function, the resulting page includes unnecessary content. |
| 521547 | Mobile phone numbers with seven or eight digits do not work with SMS Gateway |
| 540391 | Finding "last backup" date/time can cause delays or failure of the System Information widget. |
| 534879 | Fix typo in error message when uploading an organization image. |
| 521183 | Rename Fortinet CAs. |
| 307386 | FortiAuthenticator version upgrade history should be part of config backup/restore. |
| 528440 | The FortiAuthenticator GUI crashes after adding a guest portal rule. |
| 522611 | Rename "Meru" guest portal label to "Social portal pinholes". |
| 523622 | Coordinated HA upgrade produces two log entries under Upgrade History on the master. |
| 522057 | Deleting a social user on a LB slave will cause a crash to occur. |
| 538865 | FortiAuthenticator units fail to form a cluster when configuring HA active-passive mode. |
| 534338 | Factory reset / data drive formatting is extremely slow in Azure/HV/KVM. |
| 526507 | Remote user sync rules do not assign FortiToken to imported LDAP users. |
| 524350 | Tokens are not correctly assigned to local users during import rule execution. |
| 490281 | Column titled 'Type id' in the GUI logs is titled 'Log id' in the downloaded logs. |
| 523780 | Include Token Transfer Code in log entry. |
| 520514 | System reboots and shutdowns, intended or unintended, should be logged. |
| 494705 | Domain authentication fails for users from trusted domains due to missing domain name in authentication request. |
| 530590 | "Force password change on next logon" option does not work with FortiGate SSL-VPN if FortiToken Mobile push is used. |
| 528580 | FortiAuthenticator radiusd is unable to recognize client defined by hostname after DNS change. |
| 493318 | Remote LDAP users with expired passwords receive incorrect error messages when login fails. |
| 526616 | Auth REST API endpoint concatenated password+token_code in password field doesn't authenticate users. |
| 519655 | REST API: localusers endpoint accepts invalid parameters when sent via the PATCH method. |
| 519652 | Changing the FortiToken Mobile provisioning PIN length via REST API causes a server error. |
| 400466 | Support signed authentication requests with embedded signature for SAML IdP. |
| 542547 | SAML IdP user sessions expire earlier than configured session timeout. |
| 539134 | Typo in default replacement message for SAML Login Message Page. |
| 513278 | Remote LDAP displayName attribute isn't included in SAML assertion for remote LDAP admin. |
| 522350 | Miscellaneous performance improvements to SAML authentication. |
| 531734 | SAML IdP: support special character '&' in SP URLs and multiple ACS URLs. |
| 535136 | SAML IdP needs to add "SessionIndex" inside "saml:AuthnStatement" on successful logins. |
| 504081 | SCEP requests from an iPhone fail due to an error "The SCEP server returned an invalid response.". |
| 526242 | UTF8STRING-encoded challengePassword within CSR sent during SCEP enrollment is not parsed correctly. |
| 523340 | Sending SMS messages using Twilio fails. |
| 519994 | When the sysOID is queried, FortiAuthenticator-VM identifies itself as a LINUX Net-SNMP agent system rather than a Fortinet device. |
| 397184 | Unable to monitor the FSSO user count via SNMP. |
| 502007 | The RADIUS accounting and CoA does not take effect on FortiAuthenticator. |
| 464556 | Time-based user expiry configured in usage profile isn't applied to users when they already have an expiry date configured. |
| 485564 | Fixed vulnerability to "TCP sequence number approximation based denial of service" attack. |
| 411510 | Fixed vulnerability to "Reverse Tabnabbing" attack. |