Known issues
This section lists the known issues of this release, but is not a complete list. For inquiries about a particular bug, please contact Technical Support within the FortiCare portal.
Bug ID |
Description |
---|---|
988439 | FortiAuthenticator cannot join a domain with special UFT-8 extended ASCII characters. |
950855 | Unintelligible characters are sometimes displayed after saving certificate in the admin UI. |
997200 | SAML IdP Proxy not able to retrieve group memberships from remote OpenLDAP server. |
971708 | Restoring configuration on AWS resets password of 'admin' account to instance-id. |
972164 | LDAP sync rule fails if trying to sync user account already imported by a different sync rule if certificate bindings are included. |
973232 | Missing user groups for FSSO if LDAP lookup does not use sAMAccountName . |
975319 | Issues detected with selected template when deploying OVA file to VMware Sphere. |
983076 | Smart Connect profile for Windows installs the client certificate under the incorrect user profile. |
1005640 | Certificates generated on FortiAuthenticator with its own CA appear as 'untrusted' for FortiToken Mobile in push return service. |
1007051 | REST API realmauth: FTM Push not working properly for if user account with same type and username in separate realms. |
1010853 | Invalid URL link in password reset email when username contains special UTF8 characters. |
1016955 | Certificate generation does not work against some ACME servers due to account email update attempt by FortiAuthenticator. |
961550 | FortiAuthenticator incorrectly logs "invalid token" when end-user declines FTM push. |
983781 | LDAP sync rule test filter only includes groups if tree view is expanded. |
988320 | SFP Port 5/6 on FortiAuthenticator 800F occasionally going down unexpectedly and require reboot come back up. |
990360 | RADIUS Disconnect-request fails due to missing accounting session id attribute. |
1004271 | Certificate binding in user account showing expired status even if there is another valid certificate. |
1005153 | Unable to create remote LDAP server with Kerberos realm name containing an underscore. |
1014087 | FortiAuthenticator stops responding to SAML/RADIUS requests after AD servers maintenance window. |
1014845 | execute expand-partition command is not working. |
1017747 | FortiAuthenticator does not respond to SCEP request from Apple MDM. |
1017916 | Remote User Sync Rules does not work with OpenLDAP group attribute. |
1004216 | SAML IDP: switching 'Mandatory password...' to 'All configured...' gives
Please correct the error below . |
1007898 | SAML Proxy - Delay before redirection to SP after successful authentication with remote SAML IdP related because of blocking DNS lookup. |
997240 | LDAP Service does not return list of users when querying group for
memberof attribute. |
801933 | LDAP service logs "LDAP_FAC" as source IP instead of the LDAP client IP address. |
805969 | Zero trust tunnels to multiple FortiGates does not work. |
986259 | Admin UI: Primary cluster info formatting is distorted on HA Status page of the load balancer node. |
1022146 | Changing the server certificate in CMP settings is not taking effect until after a reboot. |
1022734 | 403 error when downloading FortiAuthenticator SP's metadata if 'SAML SP SSO' is not enabled on the interface. |
1023816 | SSO sessions are created for local users that are excluded from SSO in Fine-grained Controls. |
863635 | SAML IdP-initiated portal displaying wrong auth method for FIDO users. |
1000927 | Promoting user account to sponsor/admin role should not be allowed when username contains non-ASCII characters. |
1002523 | SCEP server checks renewal criteria of the wildcard enrollment request instead of the one specific to renewed cert. |
1009748 | SMS user registration receipt includes FortiAuthenticator URL with a colon at the end. |
1012102 | Force Password Change page on SAML IdP Portal does not allow semi-colon or quotations in the password. |
1021681 | Authentication factors in User Lookup table incorrectly states no token was used for SAML IdP login session. |
1012741 | After successfully assigning an offline token to a remote user the local user page loads up. |
1019660 | FTM re-provisioning should not be allowed for Offline tokens in the legacy portal settings. |
963398 | Login widget demo on Firefox broken for SSO Portal Services settings |
1012225 | Rate Limit for Rest API does not function. |
933018 | HA (A-P) takes a long time to stabilize at boot. |
874293 | FortiAuthenticator picks the incorrect IP from proxied requests from the header when multiple headers are used in a request. |
1027581 |
The SCIM server does not support assigning FortiToken Mobile tokens to imported user accounts. |