What's new
FortiAuthenticator version 6.3.1 includes the following new features and enhancements:
Self-Service Portal: FSSO support
FortiAuthenticator now allows you to set up an FSSO portal login page independent of the admin GUI login page using the self-service portal.
Go to the Portal Services tab in Fortinet SSO Methods > SSO to specify self-service portals used to create an FSSO session on successful end-user login. The FSSO session is removed when this end-user logs out.
Once the end-user is successfully authenticated, and given that the original request to the self-service portal contains the user_continue_url
HTTP parameter with a valid URL, then the self-service portal redirects the end-user's browser to the URL specified in user_continue_url
instead of the self-service portal's post-login menu page.
Customizable login and logout replacement messages are already available in Authentication > Portals > Replacement Messages.
TACACS+: PAP support
TACACS+ on FortiAuthenticator now supports the PAP authentication type.
Remote LDAP user synchronization rules support multiple certificate bindings
FortiAuthenticator now supports remote LDAP user synchronization rules where you can create or update user accounts with multiple certificate bindings. All certificate bindings use the same Common Name but different CAs.
Certificate binding CA dropdown available when creating or editing a remote LDAP user synchronization rule in Authentication > User Management > Remote User Sync Rules now allows selecting multiple CA certificates.
Inbound proxy settings for source address detection
FortiAuthenticator now allows the administrator to specify which HTTP header(s) may or may not be used to retrieve the source IP address of an HTTP request.
The Edit System Access Settings page in System > Administration > System Access has a new Inbound Proxy pane with related settings.