
Resolved issues

The resolved issues listed below may not list every bug that has been corrected with this release. For inquiries about a particular bug, please visit the Fortinet Support website.

| Bug ID | Description |
|--------|-------------|
| 706701 | FortiAuthenticator cluster is inconsistently accessible via HA interfaces from outside the HA subnet. |
| 725800 | IAM username validation not consistent in REST API. |
| 755551 | FortiAuthenticator - [Third Party] Apache Http_Server -- Precaution Upgrade. |
| 757516 | Local user CSV export does not handle commas. |
| 758516 | FortiAuthenticator HA: cluster out of sync if the custom RADIUS dictionary is uploaded; authentication breaks. |
| 761880 | Support FortiToken Cloud user for OAuth authentication. |
| 766379 | Pending or deleted CSR and revoked certificates do not sync to the LB secondary. |
| 770593 | Minimize the use of CBC ciphersuites. |
| 775083 | FortiAuthenticator FSSO detects FortiAuthenticator domain-join as login event, resolves workstation name to 127.0.0.1 and forwards that login. |
| 777359 | User will not be deleted on FortiToken Cloud but deleted on FortiAuthenticator when calling the REST API endpoint: api/v1/localusers/USERID/. |
| 778729 | Creating users via REST API with ftk_only field gives 500 error on user page when enabling password authentication. |
| 779771 | 500 internal error shows when editing the LDAP entry. |
| 779796 | SAML IdP proxy for Azure is not working with the current Azure Portal. |
| 780611 | OAuth Token API returns error when calling the API /oauth/token/ with FortiToken Cloud user, but FortiToken Cloud had sent push to the FortiToken Mobile. |
| 782176 | Certificate sync doesn't work from HA cluster to the LB node. |
| 782448 | Force password change on next logon produces 403 forbidden with SAML login. |
| 782799 | FTC manual sync times out when user > 1000, but actually the users are synced. |
| 782965 | FortiAuthenticator certificate verification issues (LDAPS, 802.1x). |
| 785164 | Remote admin unable to create self-service portal security question. |
| 785585 | HA load balancing anomaly for the registered captive portal user. |
| 785634 | Remote user without any FIDO keys for a FIDO enabled portal is unable to change the password. |
| 788819 | FortiAuthenticator 6.4.1 LDAP filters not being applied when importing groups from Fortinet SSO Methods > SSO > SSO groups. |
| 789931 | FIDO key registration does not work if FQDN contains uppercase letters. |
| 792031 | SAML IdP with LDAP for Google SP randomly fails with Internal Server Error (Error 500). |
| 792230 | Encoding Migration Error after upgrading to 6.4.0 - 6.4.2 - no space left on device. |
| 792723 | FortiAuthenticator - Internal Server Error - Table fac_auth_facgroup is replicated and cannot be modified on a subscriber node. |
| 793478 | SAML SSLVPN authentication fails because FortiAuthenticator cuts parts of the DN when using the group LDAP filter. |
| 793627 | SAML sync rule shows JavaScript error. |
| 793837 | 500 error when clicking on revoked and expired server certificate. |
| 793868 | Onboarding message feature sends SMS via unexpected SMS gateway. |
| 794167 | Self-service portal: Token revocation error. |
| 794222 | GUI crashes when we try to create a realm that already exists. |
| 794681 | FortiToken mobile 'Scan QR code' does not display the QR code for the remote SAML user. |
| 794689 | Refresh FortiToken Mobile button deprovisions FortiToken Mobile from the remote SAML user. |
| 795030 | Sponsor email address does not appear in recipient section of registration approval request email sent to freeform admin anymore. |
| 795097 | 500 Internal Server Error when resetting the password. |
| 795155 | FortiAuthenticator API not performing input validation on the groups. |
| 795275 | Issues after upgrading from 6.0.7 to 6.4.2. |
| 795560 | SmartConnect profile generating certificate with incorrect suffix. |
| 795939 | When mschapv2 is used between FortiAuthenticator and FortiGate, the portal login is broken. |
| 796079 | RADIUS server stops responding to access requests in a very busy environment. |
| 796431 | SNMP API 'auth_failure' should be renamed to 'auth_failures'. |
| 796844 | Cancel button not working when editing local or remote user after upgrading to 6.4.2 or 6.4.3. |
| 796891 | FortiAuthenticator as IdP, using custom att splits <saml:Attribute Name='username'> into multiple lines. |
| 797216 | Not possible to add realm to IdP definition without a valid license in 6.4.3. |
| 797870 | Show disconnects admin from the CLI. |
| 797909 | Execution of sync rule runs FortiToken Cloud synchronization for all FortiAuthenticator users if user is removed from FortiAuthenticator as a result of sync rule. |
| 798099 | 500 internal server error when trying to display OAuth sessions. |
| 799416 | [3rd party component upgrade required for security reasons] FortiAuthenticator - pillow to 9.0.1. |
| 799762 | FortiAuthenticator cluster - CLI system time on secondary does not match primary. |
| 799785 | 'Test Token' option under individual users doesn't have the country code selected. |
| 799792 | [3rd party component upgrade required for security reasons] FortiAuthenticator - curl to 7.83.1. |
| 801043 | nslookup broken: nslookup: applet not found. |
| 801589 | OpenID Missing Issuer URL. |
| 801764 | REST API Put request for usergroup gets 500 error. |
| 803568 | REST API authentication with password for ftk_only users fails in these two special cases |
| 803891 | SAML peer certificate expiration issue and XML security issue. |
| 804229 | SAML usernames are case sensitive, resulting in a failure of FortiToken assignment. |
| 805371 | FortiAuthenticator 6.4.3 - 802.1X RADIUS service restarted after certificate binding process. |
| 805720 | [3rd party component upgrade required for security reasons] FortiAuthenticator - linux_kernel to 5.10.111/5.4.189/4.19.238/4.... |
| 806115 | Username/Email is not auto-populated after SAML redirection from SP (O365) to IdP (FortiAuthenticator). |
| 807151 | Self-Service portal replacement template for FortiToken Mobile activation Scan QR Message does not reflect the changes. |
| 807153 | No Replacement Message template for 'FortiToken Mobile Activation Scan QR Message' for Legacy Self Service Portal. |
| 813480 | Rebooting the FortiAuthenticator causes OAuth service to stop working - returns 500 server error. |
