Configuring SP settings on FortiAuthenticator
To configure service provider settings:
- Go to Authentication > SAML IdP > Service Providers and create a new reference for the service provider that you will be using as your SAML client.
- Enter the following information:
- SP name: Enter a name for the SP device.
- IdP prefix: Select +, enter an IdP prefix in the Create Alternate IdP Prefix dialog or select Generate prefix, and click OK.
- Server certificate: Select the same certificate as the default IdP certificate used in Authentication > SAML IdP > General. See Configuring SAML IdP settings.
- Click Save.
- In the SP Metadata pane, enter the SP information from the client you will be using as the SAML service provider.
- Download the IdP metadata.
This can be used to set up the SAML IdP configuration in your SAML SP client (if allowed by your client).
- Click OK.
- Select and click Edit to edit the recently created SP.
- In Assertion Attribute Configuration:
- Select Username from the Subject NameID dropdown.
- Select urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified in Format.
- In Assertion Attributes, select Add Assertion Attribute:
- Enter a SAML Attribute name that your SAML SP is expecting to identify the user.
- Select a User Attribute for this selection. If you are unsure of which attribute to pick, select SAML username.
- Click OK to save changes.