SP server certificate when expired produces a server 500 when trying to edit the SP configuration.

Yubikey third party token failed authentication with "invalid token" error after FortiAuthenticator upgrades to version 6.4.0.

Remote user sync not reflecting LDAP user's OU change.

Logout from SAML FSSO portal is generating signature validation error and 403 forbidden upon re-authentication.

FortiAuthenticator did not update user group info after sync user from LDAP server.

Uploading CRL on LB secondary FortiAuthenticator causes GUI crash.

LB secondary not syncing when we failover to the secondary FortiAuthenticator.

History password policy not working.

Push Service does not recognize the realm from the FortiAuthenticator agent.

"Mandatory password and OTP" setting not enforcing OTP on unimported remote users.

User sync rule now updates FortiToken assignment if a manual change occurs after initial sync.

Timezone 63 Darwin shows time 1 hour ahead.

Users Audit export: comma separated displayname shifts the cells/fields to the right.

Self-service portal "Change Password" button returns 403 Forbidden error for remote users.

Mobile FortiToken and SMS tokens log event from a scheduled syncing of remote LDAP users.

Limit of 64 characters in SAN DNS field for CSR/Certificate creation.

Improve SCEP grid layout.

Alcatel RADIUS VSA dictionary needs to be updated.

User lookup triggers internal server error 500 for users with two or more IdP sessions.

Not possible to resize/change columns width in log table.

Column resize or sort does not work properly in tables of FortiAuthenticator.

SCEP and device enrollment does not work.

500 internal server error when using unknown email address for password reset.

FortiAuthenticator not logging LDAP group membership changes.

When trying to import users from FortiGate conf to FortiAuthenticator v6.4.

FortiToken license status on LB nodes shows unknown.

IdP proxy scenario with local AD for group membership does not work.

Unable to download raw log.

When signing a CSR via SCEP, FortiAuthenticator returns "Unable to sign request, Unable to find a unique name".

FortiToken email activation sent to user again when LDAP sync runs after the timeout of token activation (user should stay disabled).

Sort by name the sponsor list in the self-registration guest portal.

Change in the password complexity rule is not taking effect.

Private IPv6 address added to SSO list instead of public IPv6 when received from a RADIUS accounting source.

GUI crashes during password recovery using E-mail address method if the E-mail is not associated with any user account.

Certificate sync does not work from Master to LB Peer/Nodes.

Deleting an unused group gives "500 internal server error".

HA connection status is still showing connected even the Primary FortiAuthenticator is already shutdown.

FSAE is taking high CPU.

Raid widget is showing wrong status.

Implement correct handling of VM license in case of configuration conversion.

FortiAuthenticator Agent does not support UPN username format (as imported to the FortiAuthenticator).

SMS : No update on number of sent message on the dashboard.

SAML querying the LDAP when the user is admin instead of looking for the user locally on remote LDAP users.

High CPU utilization by wmid process.

Groups sorting differences when importing LDAP groups in SSO groups and FortiGate filtering.

Guest portal authentication request failed with Cisco WLC.

SAML- SP Login page does not present the Done button in OSX CNA.

http of the FortiAuthenticator cannot be closed.

Windows machine login caching not working and breaking user + machine authentication RADIUS policy condition.

SAML SP ACS URL misconfig returns a Server 500 vs 403 and the log for SP config mismatch.

Saving LDAP server config produces: Please submit 0 or fewer forms.

FortiAuthenticator SAML SP requires at least 1 attribute in received SAML assertions from the remote IdP.

Provide skeleton language pack.

SMTP mail: failed to start session with the "Operation now in progress" error.

Unable to provide publisher details/assign code signing certificate to a Smart Connect profile.

FortiAuthenticator-VM 6.0.4 stops authenticating and GUI freezes until reboot is applied.

FortiAuthenticator active-passive cluster plus load-balancing node does not sync properly.

LDAP group query parsing error.

"The username is in use and this user cannot be made into an administrator" error.

EAP-TLS policy ignores group filter for cert user, cert user can authenticate even if it is not a member of the group.

When applying the OpenLDAP template the out of the box User Object class does not find any user.

Wrong message when user inputs incorrect email address or an incorrect username.

FortiAuthenticator IdP proxy fails to proxy SAML assertions received from remote IdP when the User Attribute with same name exists.

SAML IdP proxy session not showing and unable to log out from an external IdP.

Error while changing HA password of Load Balancer node with HA enabled.

LB + GUI local service certificate restrictions preventing reconfiguration.

Case sensitive remote RADIUS username does not work well.

SP metadata import causes GUI index error.

RADIUS auth fails with invalid user if temporary token type = sms but no mobile number.

Hide self-service portal token registration options when all are disabled.

iOS 14 and iPhone 13 Safari browser: Error displayed on FIDO auto-start after password authentication.

Remote LDAP server page loads incredibly slowly when many imported users exist.

Issue with auto-redirect on HA administration page when enabling HA for load balancer role.

Unable to restart radiusd in debug mode from FortiAuthenticator GUI debug tab after CSP changes for JS.

HA status page should show "Name" of LB nodes in Cluster + LB mode.

Admin trusted hosts applied to SAML auths, not just admin GUI.

Test SMS phone number is not initialized.

ubkey self-provisioning is broken.

No log for policy priority change.

User CSV import does group database check once per record.

Upper case is not accepted for local users.

LB should not delete certificates if they are used by config_setting table but not synced.

FSSO eventlog polling fail for machine account ending with $.

Unable to see top row title of replacement messages.

Certificate CN validation gives wrong error.

Customized SAML Token Login page's pre-existing pollTokenAuthResult JS broken after upgrade to 6.4.0.

CPU usage 100% after clicking LDAP server in GUI in a customer setup (and GUI timeout).

ESX deploy script.

IdP logins for SP throwing SQL errors on missing session.

User simultaneously created duplicate IdP session - resulted in broken session.

System Access inaccessible if web certificate /CA are missing.

Frequent CSRF errors when using HTTP authentication.

LDAP sync appears to be updating every user record, including unmodified ones.

Login activity not relayed from LB nodes to Master (for user expiry, etc).

Better error-reporting when trying to restore a config which is for a different model.

Unnecessary deletes on load-balancer causes really long re-sync delays.

Logs: FortiAuthenticator should log details when FIDO registration fails.

Change label wording for "Pre-Login Services "==>" FIDO Revocation".

FIDO: "Clear all Keys" should delete the keys.

FortiAuthenticator should show "FIDO" in the token column of user page if user has registered a FIDO token.

FTC- user_ip field in auth request is using Country value instead of IP.

OpenSSL 1.1.1l security fixes -- August 2021.

Pillow--- Precaution upgrade.

HA Cluster not able to access management port IP.

REST API authentication for remote user with upper case should not return 401.

Remote RADIUS user case sensitivity is not working properly.

PCI enabled FIDO authentication portal does not work with FIDO user.

Sync rule with multiple OTP assignment methods fails to sync users over if they are missing any one of the LDAP attributes.

Unable to retrieve FIDO token 500 internal server error.

Rephrase label "Every configured password and OTP factors".

Request-URI too long error when we try to export or E-mail large amounts of newly created guest users.

Rephrase timeout error message for timeout in deleting FTC user.

Windows Event Log Sources JavaScript Error.

Cannot import AD user groups as SSO Groups that have '+' in their names.

Extraneous "No search results" message appears under RADIUS Attributes section in user group page.

Migrating a user that already exists causes 500 internal error.

Cannot change the name of local users realm.

Remote RADIUS users with duplicate name REST API call cause 500 errors.

Exporting guest users phone number format incorrect.

New self service portal does not prompt for token resync, allows access with drifted OTP (when within configured window).

LDAP users are able to enable security question through Self-Service portal without actually setting a security question.

Editing security question results in duplicate UI in the pop-up.

500 Internal server error when end user has duplicate certificate bindings.

"Forgot password" option does not work on portal when user is temporary locked.

"None" option for token assignment missing in self-service portal MFA page.

Revoked FIDO token should display time in local time and not UTC.

Missing username in Oauth Request causes 500 server error.

"Internal Server Error" when local user enables security question without setting the security question through captive portal.

FortiToken mobile for a remote radius user on the FortiAuthenticator server and also on the FortiAuthenticator client fails to work.

SCEP gives wrong validation message if "Renewal Days" expiry is left empty.

Unable to create RADIUS attribute matching when creating a RADIUS policy.

Cannot see MAC devices limit in portals settings for Firefox.

FIDO popup message when saving user local information.

FIDO key registration failing first try on iOS 15.1.

Force password change not working when FIDO is enabled in portal policy.

FortiAuthenticator cannot support "mschapv2" as password encoding format for the RADIUS client.

api/v1/ssoauth/ API request returns 500 internal error occassionally.

Windows AD computer authentication option missing from RADIUS policies.

Remote RADIUS user takes longer than 30 sec to verify the deny process.

FortiGate fails to get FSSO list from FortiAuthenticator if the login user group belongs to OU with special characters like +EU.

Problem setting static IP address on a FortiAuthenticator-VM installed on a XenServer.

In the captive portal, when a wrong token code is entered, FortiAuthenticator does not display any error message and just redirects to the login page.

Remote user sync rule does not work with email/FTC 2FA.

PCI mode's behaviour for user without FIDO enabled is incorrect.

Password change not working for remote LDAP users.

Memory usage is High.

LB sync is broken for MAC devices if it is associated to a non-synced user.

Optimize introduction of Load Balancing node(s) to an A-A Cluster to provide high availability.