Configuring SP settings on FortiAuthenticator

To configure service provider settings:
  1. Go to Authentication > SAML IdP > Service Providers and create a new reference for the service provider that you will be using as your SAML client.
  2. Enter the following information:
    1. SP name: Enter a name for the SP device.
    2. IdP prefix: Select +, enter an IdP prefix in the Create Alternate IdP Prefix dialog or select Generate prefix, and click OK.
    3. Server certificate: Select the same certificate as the default IdP certificate used in Authentication > SAML IdP > General. See Configuring IdP settings.
  3. Click Save.
  4. In the SP Metadata pane, enter the SP information from the client you will be using as the SAML service provider.
  5. Download the IdP metadata.
    This can be used to set up the SAML IdP configuration in your SAML SP client (if allowed by your client).
  6. Click OK.
  7. Select the recently created SP and click Edit.
  8. In Assertion Attribute Configuration:
    1. Select Username from the Subject NameID dropdown.
    2. Select urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified in Format.
  9. In Assertion Attributes, select Add Assertion Attribute:
    1. Enter a SAML Attribute name that your SAML SP is expecting to identify the user.
    2. Select a User Attribute for this selection. If you are unsure of which attribute to pick, select SAML username.

  10. Click OK to save changes.
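
To confirm that the settings from steps 8 and 9 reach the SP as intended, the assertion from a test login can be checked against them. The following Python sketch is an added example, not Fortinet code: the sample assertion is constructed, and the attribute name `username` and the issuer URL are assumptions standing in for whatever your SP expects.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"  # step 8
EXPECTED_ATTRIBUTE = "username"  # assumption: the SAML Attribute name your SP expects (step 9)

# Constructed sample assertion (not captured from a real FortiAuthenticator).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.test/constructed</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified">jdoe</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="username">
      <saml:AttributeValue>jdoe</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def check_assertion(xml_text, expected_attribute=EXPECTED_ATTRIBUTE):
    """Return a list of mismatches between the assertion and the SP settings."""
    problems = []
    root = ET.fromstring(xml_text)
    # Step 8: Subject NameID must be present and use the configured Format.
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("Subject NameID missing or empty")
    elif name_id.get("Format") != EXPECTED_FORMAT:
        problems.append(f"unexpected NameID Format: {name_id.get('Format')}")
    # Step 9: the attribute the SP uses to identify the user must appear once.
    values = [
        (v.text or "").strip()
        for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)
        if a.get("Name") == expected_attribute
        for v in a.findall("saml:AttributeValue", NS)
    ]
    if not values:
        problems.append(f"attribute {expected_attribute!r} not present")
    elif len(values) > 1 or not values[0]:
        problems.append(f"attribute {expected_attribute!r} needs exactly one non-empty value")
    return problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION) or "assertion matches the SP settings")
```

This checks assertion content only; signature and condition validation remain the job of the SP's SAML library.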
