Wrong group attributes indicator in RADIUS policy response table for EAP-TLS.

"Allowed shell commands" label in authorization rules is misleading.

FSSO user/group filter import have misleading descriptions.

SMS gateway HTTP/HTTPS - Inconsistent JSON object type used for phone-number attribute.

User logon is not working with FSSOMA mobility agent.

LDAP user password expired, user not prompted for RSA Token code (chained Token Authentication).

Agent exception error occurred when OTP is delivered by SMS.

Self-registration access via HTTP is allowed.

Remote SAML user import from Azure AD issues.

Fine-grained menu content has misaligned pointer in SSO/General.

RDP Users prompted for credentials twice and failing the second time due to token reuse (if they do not wait).

Restricted admin users have view of HA settings and can attempt to change them.

Align logs on the left side instead of the center.

FortiGate filtering stops any users sent to FortiGate even though users are member of group/container.

SAML SSO Groups - not all are imported.

When a user reports lost token and tries to switch to email token authentication, the email is never sent to the user with the token.

SAML authentication fails when the AD display name contains a coma (,) and the user has an admin role.

GUI does not show cert UPN.

Longer IPv6 address cannot be set to the FortiAuthenticator interface.

Secondary unit upgrade fails.

Remote SAML user import from Azure AD - Not all users imported.

FortiAuthenticator-VM hangs while quiescing the virtual machine.

Certificate sync does not work from primary to LB peer/nodes.

Self-service portal does not work with remote LDAP user with administrator role profile, portal error: 403 Forbidden.

Domain controller query status shows failed with successful queries.

Gateway timed out error while creating a new user group.

If local CA is selected for EAP and no EAP server certificate is present on FortiAuthenticator, radiusd keeps crashing after upgrading to 6.2.0.

Remove device ID requirement when using Smart Connect.

Display filter is not working correctly within the certificates section.

Smart Connect user certificate generation fails due to certificate ID character limitation/autogeneration process.

FortiAuthenticator Captive Portal is not providing correct redirection URL response to Apple iOS devices.

Unable to add multiple alternate DNS names into certificate for user certificates.

FortiAuthenticator timing out with known good SMTP server (port 587, no STARTTLS).

When a user tries to access the Self-service portal, FortiAuthenticator gives the "Please enter correct credentials. Note password is case-sensitive" error randomly.

RADIUS authentication with the remote RADIUS server stops working.

FortiAuthenticator Windows Agent 3.0 - New RDP connection by the same user unable to finish due to blank login screen.

GUI - Hide SNMP trap option for PSU monitoring for unsupported devices.

LB Cluster fails to sync SAML configuration.

Change in the default RADIUS authentication port makes the GUI inaccessible.

Protection and warning when deleting a local CA (in the LB primary side).

Admin cannot log in to approve the self-registration when group filters are set without admin user in a Guest Portal policy.

FortiAuthenticator fails to load the license.

Non-SMS RADIUS users unable to authenticate when the SMS gateway is down.

Hitting the OpenLDAP size limit on FortiAuthenticator.

Passwords of some local users on FortiAuthenticator are not expiring.

LB sync deletes LB-created CA certificate but it still shows up in the UI list.

Error creating RADIUS client (subnet) matching existing TACACS client (subnet).

Users audit report does not update timestamps for LDAP users in the "last used" column.

FortiAuthenticator 2000E missing power supply in the CLI and the GUI.

After upgrading FortiAuthenticator from 5.4 to 6.x Apple devices cannot load the FortiAuthenticator captive portal via the system pop-up only.

License dashboard pane is not populating.

HTTPS certificate chain is inconsistent/incorrect.

Allowed hosts configuration through CLI not reflected in the GUI before reboot.

Unable to disable maintenance mode in a HA cluster.

Certificate expiry warning sends out an email everyday.

TACACS+ service unstable after receiving many authentication attempts.

FortiAuthenticator HA primary API PATCH method localuser-[ID] produces a 504 gateway timeout.

Change in HTML for confirmation page after a successful logout from the guest portal "Logout Success Page".

"Portal was not found in the session" when registering a guest with non-ASCII characters "Umlauts".

Unable to import SSO filtering LDAP group from the eDirectory.

Push notifications are not working for random users after upgrading to FortiAuthenticator 6.2.0 and 6.2.1.

FortiAuthenticator is not sending optional Attribute-Value pairs.

Duplicate remote LDAP users are not syncing.

Mobile number formatting.

Recover from corrupt FTM license configurations.

FortiAuthenticator Windows agent- Push not working for some clients.

FortiAuthenticator Agent: SMS token code not delivered for a user set with a blank password.

CLI only supports configuring interfaces port1 - port4.

Recurrent log message: Portal was not found in the session, redirecting back to the entry point.

FSSO FortiGate IP filter ignored when the global group prefilter is enabled.

An expired certificate is delivered toward WiFi authenticated users.

SAML assertion request error in the date/time format.

FortiAuthenticator Windows Agent prompts for token despite an incorrect password, and then does not prompt for user credentials again.

SAML SSO/Proxy metadata download fails with "invalid_xml".

FortiAuthenticator FSSO - TS Agent sessions stuck at zero after server reboot until FSSOTA service is restarted.

SNMP access to the LB secondary fails.

Transferring reassigned tokens triggered from the previous user sends email to the existing user.

Subdomain users can authenticate over FortiAuthenticator Agent installed on a workstation in the main domain without a token code.

FortiAuthenticator Agent cannot initiate connection towards a secondary FortiAuthenticator for 2FA validation.

On a LB node, a user certificate has the same SN in case of getting signed with synced local CA of standalone primary.

Windows Agent 3.2 push notification accept fails on unlock and change password screens.

Change password not working with Checkpoint VPN when 2FA is enabled.

No Kerberos ticket requests (negotiate) on encrypted HTTPS traffic from FortiAuthenticator.

CLI: Verify administrator password before reset default admin account.

User Portal: Self-service policy cannot do MAC filtering.

Lost messages from the serial port.

GUI display of Power supply status is wrong.

Ensure logs for push notification daemon are rotated.

LB checksums not changing when local user passwords are updated.

Rate limit REST API calls to authentication related endpoints.

Old SAML IdP sessions not cleaned up by the expired session cleanup task.

Unable to select admins from the MAC device page.

Unable to delete social users.

Remove "realm" field when FortiAuthenticator calls auth_post with arguments.

No more pushd log after the old log is archived.

HA LB status Users/User profiles keep going back to the out-of-sync status.

Port over FortiOS changes to upgrade Windows Azure Agent for marketplace compatibility.

rlm_facauth multi-thread support.

If the MAC filter is enabled, but the configured radius attribute is missing from the packet, we deny the authentication.

Update cert layout so that the subject column is usable and the "Renewable Before Expiry (days)" is sized appropriately for.

Cloud initialization with CLI in config drive fails due to mandatory default password reset.

XSS Vulnerability observed when editing a Replacement Message.

Secure flag support in SSL/TLS HTTPS cookies to avoid cookie leaking.

LDAP sync rule does not support switching between user types in admin case.

FortiAuthenticator 6.0.3 generates errors in the FSSO debug log showing max TS Agent number has been reached.

Wildcard for the allowed host.

REST API FTC push support.

HA-cluster upgrade failed in the secondary side.

DB level delete cascade is missing.

Add "expires_in" field to /oauth/verify_token/ response.

Remote sync rules only enable password recovery by email not by security questions.

Support for SHA256 usage in SAML signature method.

CSR issued by Windows cannot be signed by FortiAuthenticator 6.2.x.

Add a way to expand FortiAuthenticator "data drive" file system if partition size increases.

Support email/SMS 2FA for FTC.