Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.0.6
Download PDF
Copy Link

user fsso

Use this command to configure the FortiGate unit to receive user group information from a Directory Service server equipped with the Fortinet Single Sign-On (FSSO) Agent. You can specify up to five computers on which an FSSO collector agent is installed. The FortiGate unit uses these collector agents in a redundant configuration, whereby if the first agent fails, the FortiGate unit attempts to connect to the next agent in the list, and so on.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

set source-ip6 <address>

IPv6 source address for communications to the FSSO agent.

config user fsso
    edit {name}
    # Configure Fortinet Single Sign On (FSSO) agents.
        set name {string}   Name. size[35]
        set server {string}   Domain name or IP address of the first FSSO collector agent. size[63]
        set port {integer}   Port of the first FSSO collector agent. range[1-65535]
        set password {password_string}   Password of the first FSSO collector agent. size[128]
        set server2 {string}   Domain name or IP address of the second FSSO collector agent. size[63]
        set port2 {integer}   Port of the second FSSO collector agent. range[1-65535]
        set password2 {password_string}   Password of the second FSSO collector agent. size[128]
        set server3 {string}   Domain name or IP address of the third FSSO collector agent. size[63]
        set port3 {integer}   Port of the third FSSO collector agent. range[1-65535]
        set password3 {password_string}   Password of the third FSSO collector agent. size[128]
        set server4 {string}   Domain name or IP address of the fourth FSSO collector agent. size[63]
        set port4 {integer}   Port of the fourth FSSO collector agent. range[1-65535]
        set password4 {password_string}   Password of the fourth FSSO collector agent. size[128]
        set server5 {string}   Domain name or IP address of the fifth FSSO collector agent. size[63]
        set port5 {integer}   Port of the fifth FSSO collector agent. range[1-65535]
        set password5 {password_string}   Password of the fifth FSSO collector agent. size[128]
        set ldap-server {string}   LDAP server to get group information. size[35] - datasource(s): user.ldap.name
        set source-ip {ipv4 address}   Source IP for communications to FSSO agent.
        set source-ip6 {ipv6 address}   IPv6 source for communications to FSSO agent.
    next
end

Additional information

The following section is for those options that require additional explanation.

ldap-server <server>

Enter the name of the LDAP server to be used to get group information from the Directory Service.

{password | password2 | password3 | password4 | password5} <agent-password>

For each collector agent, enter the password.

{port | port2 | port3 | port4 | port5} <agent-port>

For each collector agent, enter the port number used for communication with FortiGate units. The default, for each port, is set to 8000.

{server | server2 | server3 | server4 | server5} <agent-address>

Enter the domain name or IP address for up to five collector agents (maximum of 63 characters).

source-ip <server>

Enter the source IP for communications to FSSO servers.

user fsso

Use this command to configure the FortiGate unit to receive user group information from a Directory Service server equipped with the Fortinet Single Sign-On (FSSO) Agent. You can specify up to five computers on which an FSSO collector agent is installed. The FortiGate unit uses these collector agents in a redundant configuration, whereby if the first agent fails, the FortiGate unit attempts to connect to the next agent in the list, and so on.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

set source-ip6 <address>

IPv6 source address for communications to the FSSO agent.

config user fsso
    edit {name}
    # Configure Fortinet Single Sign On (FSSO) agents.
        set name {string}   Name. size[35]
        set server {string}   Domain name or IP address of the first FSSO collector agent. size[63]
        set port {integer}   Port of the first FSSO collector agent. range[1-65535]
        set password {password_string}   Password of the first FSSO collector agent. size[128]
        set server2 {string}   Domain name or IP address of the second FSSO collector agent. size[63]
        set port2 {integer}   Port of the second FSSO collector agent. range[1-65535]
        set password2 {password_string}   Password of the second FSSO collector agent. size[128]
        set server3 {string}   Domain name or IP address of the third FSSO collector agent. size[63]
        set port3 {integer}   Port of the third FSSO collector agent. range[1-65535]
        set password3 {password_string}   Password of the third FSSO collector agent. size[128]
        set server4 {string}   Domain name or IP address of the fourth FSSO collector agent. size[63]
        set port4 {integer}   Port of the fourth FSSO collector agent. range[1-65535]
        set password4 {password_string}   Password of the fourth FSSO collector agent. size[128]
        set server5 {string}   Domain name or IP address of the fifth FSSO collector agent. size[63]
        set port5 {integer}   Port of the fifth FSSO collector agent. range[1-65535]
        set password5 {password_string}   Password of the fifth FSSO collector agent. size[128]
        set ldap-server {string}   LDAP server to get group information. size[35] - datasource(s): user.ldap.name
        set source-ip {ipv4 address}   Source IP for communications to FSSO agent.
        set source-ip6 {ipv6 address}   IPv6 source for communications to FSSO agent.
    next
end

Additional information

The following section is for those options that require additional explanation.

ldap-server <server>

Enter the name of the LDAP server to be used to get group information from the Directory Service.

{password | password2 | password3 | password4 | password5} <agent-password>

For each collector agent, enter the password.

{port | port2 | port3 | port4 | port5} <agent-port>

For each collector agent, enter the port number used for communication with FortiGate units. The default, for each port, is set to 8000.

{server | server2 | server3 | server4 | server5} <agent-address>

Enter the domain name or IP address for up to five collector agents (maximum of 63 characters).

source-ip <server>

Enter the source IP for communications to FSSO servers.