Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.2.1
Copy Link

Global settings for SAML authentication.

  config system saml
      Description: Global settings for SAML authentication.
      set status [enable|disable]
      set role [identity-provider|service-provider]
      set default-login-page [normal|sso]
      set default-profile {string}
      set cert {string}
      set binding-protocol {option}
      set portal-url {string}
      set entity-id {string}
      set single-sign-on-url {string}
      set artifact-resolution-url {string}
      set single-logout-url {string}
      set idp-entity-id {string}
      set idp-single-sign-on-url {string}
      set idp-artifact-resolution-url {string}
      set idp-single-logout-url {string}
      set idp-cert {string}
      set server-address {string}
      set tolerance {integer}
      set life {integer}
      config service-providers
          Description: Authorized service providers.
          edit <name>
              set prefix {string}
              set sp-binding-protocol {option}
              set sp-cert {string}
              set sp-entity-id {string}
              set sp-single-sign-on-url {string}
              set sp-artifact-resolution-url {string}
              set sp-single-logout-url {string}
              set sp-portal-url {string}
              set idp-entity-id {string}
              set idp-single-sign-on-url {string}
              set idp-artifact-resolution-url {string}
              set idp-single-logout-url {string}
              config assertion-attributes
                  Description: Customized SAML attributes to send along with assertion.
                  edit <name>
                      set type [username|email]
                  next
              end
          next
      end
  end

config system saml

Parameter Name Description Type Size
status Enable/disable SAML authentication (default = disable).
enable: Enable SAML authentication.
disable: Disable SAML authentication.
option -
role SAML role.
identity-provider: Identity Provider.
service-provider: Service Provider.
option -
default-login-page Choose default login page.
normal: Use local login page as default.
sso: Use IdP's Single Sign-On page as default.
option -
default-profile Default profile for new SSO admin. string Maximum length: 35
cert Certificate to sign SAML messages. string Maximum length: 35
binding-protocol Binding protocol.
post: HTTP POST binding.
option -
portal-url SP portal URL. string Maximum length: 255
entity-id SP entity ID. string Maximum length: 255
single-sign-on-url SP single sign-on URL. string Maximum length: 255
artifact-resolution-url SP artifact resolution URL. string Maximum length: 255
single-logout-url SP single logout URL. string Maximum length: 255
idp-entity-id IDP entity ID. string Maximum length: 255
idp-single-sign-on-url IDP single sign-on URL. string Maximum length: 255
idp-artifact-resolution-url IDP artifact resolution URL. string Maximum length: 255
idp-single-logout-url IDP single logout URL. string Maximum length: 255
idp-cert IDP certificate name. string Maximum length: 35
server-address Server address. string Maximum length: 63
tolerance Tolerance to the range of time when the assertion is valid (in minutes). integer Minimum value: 0 Maximum value: 4294967295
life Length of the range of time when the assertion is valid (in minutes). integer Minimum value: 0 Maximum value: 4294967295
Parameter Name Description Type Size
prefix Prefix. string Maximum length: 35
sp-binding-protocol SP binding protocol.
post: HTTP POST binding.
option -
sp-cert SP certificate name. string Maximum length: 35
sp-entity-id SP entity ID. string Maximum length: 255
sp-single-sign-on-url SP single sign-on URL. string Maximum length: 255
sp-artifact-resolution-url SP artifact resolution URL. string Maximum length: 255
sp-single-logout-url SP single logout URL. string Maximum length: 255
sp-portal-url SP portal URL. string Maximum length: 255
idp-entity-id IDP entity ID. string Maximum length: 255
idp-single-sign-on-url IDP single sign-on URL. string Maximum length: 255
idp-artifact-resolution-url IDP artifact resolution URL. string Maximum length: 255
idp-single-logout-url IDP single logout URL. string Maximum length: 255

config assertion-attributes

Parameter Name Description Type Size
type Type.
username: User Name.
email: Email address.
option -

Global settings for SAML authentication.

  config system saml
      Description: Global settings for SAML authentication.
      set status [enable|disable]
      set role [identity-provider|service-provider]
      set default-login-page [normal|sso]
      set default-profile {string}
      set cert {string}
      set binding-protocol {option}
      set portal-url {string}
      set entity-id {string}
      set single-sign-on-url {string}
      set artifact-resolution-url {string}
      set single-logout-url {string}
      set idp-entity-id {string}
      set idp-single-sign-on-url {string}
      set idp-artifact-resolution-url {string}
      set idp-single-logout-url {string}
      set idp-cert {string}
      set server-address {string}
      set tolerance {integer}
      set life {integer}
      config service-providers
          Description: Authorized service providers.
          edit <name>
              set prefix {string}
              set sp-binding-protocol {option}
              set sp-cert {string}
              set sp-entity-id {string}
              set sp-single-sign-on-url {string}
              set sp-artifact-resolution-url {string}
              set sp-single-logout-url {string}
              set sp-portal-url {string}
              set idp-entity-id {string}
              set idp-single-sign-on-url {string}
              set idp-artifact-resolution-url {string}
              set idp-single-logout-url {string}
              config assertion-attributes
                  Description: Customized SAML attributes to send along with assertion.
                  edit <name>
                      set type [username|email]
                  next
              end
          next
      end
  end

config system saml

Parameter Name Description Type Size
status Enable/disable SAML authentication (default = disable).
enable: Enable SAML authentication.
disable: Disable SAML authentication.
option -
role SAML role.
identity-provider: Identity Provider.
service-provider: Service Provider.
option -
default-login-page Choose default login page.
normal: Use local login page as default.
sso: Use IdP's Single Sign-On page as default.
option -
default-profile Default profile for new SSO admin. string Maximum length: 35
cert Certificate to sign SAML messages. string Maximum length: 35
binding-protocol Binding protocol.
post: HTTP POST binding.
option -
portal-url SP portal URL. string Maximum length: 255
entity-id SP entity ID. string Maximum length: 255
single-sign-on-url SP single sign-on URL. string Maximum length: 255
artifact-resolution-url SP artifact resolution URL. string Maximum length: 255
single-logout-url SP single logout URL. string Maximum length: 255
idp-entity-id IDP entity ID. string Maximum length: 255
idp-single-sign-on-url IDP single sign-on URL. string Maximum length: 255
idp-artifact-resolution-url IDP artifact resolution URL. string Maximum length: 255
idp-single-logout-url IDP single logout URL. string Maximum length: 255
idp-cert IDP certificate name. string Maximum length: 35
server-address Server address. string Maximum length: 63
tolerance Tolerance to the range of time when the assertion is valid (in minutes). integer Minimum value: 0 Maximum value: 4294967295
life Length of the range of time when the assertion is valid (in minutes). integer Minimum value: 0 Maximum value: 4294967295
Parameter Name Description Type Size
prefix Prefix. string Maximum length: 35
sp-binding-protocol SP binding protocol.
post: HTTP POST binding.
option -
sp-cert SP certificate name. string Maximum length: 35
sp-entity-id SP entity ID. string Maximum length: 255
sp-single-sign-on-url SP single sign-on URL. string Maximum length: 255
sp-artifact-resolution-url SP artifact resolution URL. string Maximum length: 255
sp-single-logout-url SP single logout URL. string Maximum length: 255
sp-portal-url SP portal URL. string Maximum length: 255
idp-entity-id IDP entity ID. string Maximum length: 255
idp-single-sign-on-url IDP single sign-on URL. string Maximum length: 255
idp-artifact-resolution-url IDP artifact resolution URL. string Maximum length: 255
idp-single-logout-url IDP single logout URL. string Maximum length: 255

config assertion-attributes

Parameter Name Description Type Size
type Type.
username: User Name.
email: Email address.
option -