Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

What's new

FortiAuthenticator version 6.0.3 includes the following new features and enhancements:

SAML SP single logout enhancements for FSSO

New enhancements have been introduced for SAML SP single logout for FSSO:

  • Support for the handling of IdP-initiated logout.
  • The logout button on the SAML SP Logout Page replacement message also triggers a logout from the IdP.
  • A new button has been added to the SAML SP Logout Success Page replacement message to return to the login page.

SAML remote authentication enhancements

FortiAuthenticator SPs include the "RequestedAuthnContext" assertion in their authentication request to any IdP. FortiAuthenticator 6.0.3 now includes a setting to define the authentication context value.

The Default value is "PasswordProtectedTransport," which requires that users are authenticated using a password-based method. When alternative authentication methods are used, None can be selected to omit this requirement (e.g. when a X.509 certificate is used in Azure).

Low HA sync activity SNMP trap

A new "HA sync activity is low" trap is available that can be used by administrators to monitor the health of the HA cluster. The SNMP trap is sent by the cluster's standby member. To use this trap, create or edit an SNMPv1/v2c/v3 at System > Administration > SNMP and enable the toggle for "HA sync activity is low."

Reject usernames containing uppercase letters

FortiAuthenticator includes the option to reject usernames that contain uppercase letters when using RADIUS authentication. When the option is enabled, RADIUS authentication automatically fails when the username contains an uppercase letter.

What's new

FortiAuthenticator version 6.0.3 includes the following new features and enhancements:

SAML SP single logout enhancements for FSSO

New enhancements have been introduced for SAML SP single logout for FSSO:

  • Support for the handling of IdP-initiated logout.
  • The logout button on the SAML SP Logout Page replacement message also triggers a logout from the IdP.
  • A new button has been added to the SAML SP Logout Success Page replacement message to return to the login page.

SAML remote authentication enhancements

FortiAuthenticator SPs include the "RequestedAuthnContext" assertion in their authentication request to any IdP. FortiAuthenticator 6.0.3 now includes a setting to define the authentication context value.

The Default value is "PasswordProtectedTransport," which requires that users are authenticated using a password-based method. When alternative authentication methods are used, None can be selected to omit this requirement (e.g. when a X.509 certificate is used in Azure).

Low HA sync activity SNMP trap

A new "HA sync activity is low" trap is available that can be used by administrators to monitor the health of the HA cluster. The SNMP trap is sent by the cluster's standby member. To use this trap, create or edit an SNMPv1/v2c/v3 at System > Administration > SNMP and enable the toggle for "HA sync activity is low."

Reject usernames containing uppercase letters

FortiAuthenticator includes the option to reject usernames that contain uppercase letters when using RADIUS authentication. When the option is enabled, RADIUS authentication automatically fails when the username contains an uppercase letter.