Fortinet Document Library

CLI Reference

config system saml

Global settings for SAML authentication.

config system saml
    Description: Global settings for SAML authentication.
    set status [enable|disable]
    set role [identity-provider|service-provider]
    set default-login-page [normal|sso]
    set default-profile {string}
    set cert {string}
    set portal-url {string}
    set entity-id {string}
    set single-sign-on-url {string}
    set single-logout-url {string}
    set idp-entity-id {string}
    set idp-single-sign-on-url {string}
    set idp-single-logout-url {string}
    set idp-cert {string}
    set server-address {string}
    set tolerance {integer}
    set life {integer}
    config service-providers
        Description: Authorized service providers.
        edit <name>
            set prefix {string}
            set sp-cert {string}
            set sp-entity-id {string}
            set sp-single-sign-on-url {string}
            set sp-single-logout-url {string}
            set sp-portal-url {string}
            set idp-entity-id {string}
            set idp-single-sign-on-url {string}
            set idp-single-logout-url {string}
            config assertion-attributes
                Description: Customized SAML attributes to send along with assertion.
                edit <name>
                    set type [username|email]
                next
            end
        next
    end
end

config system saml

| Parameter name | Description | Type | Size |
|---|---|---|---|
| status | Enable/disable SAML authentication (default = disable). Options: enable (Enable SAML authentication.); disable (Disable SAML authentication.) | option | - |
| role | SAML role. Options: identity-provider (Identity Provider.); service-provider (Service Provider.) | option | - |
| default-login-page | Choose default login page. Options: normal (Use local login page as default.); sso (Use IdP's Single Sign-On page as default.) | option | - |
| default-profile | Default profile for new SSO admin. | string | Maximum length: 35 |
| cert | Certificate to sign SAML messages. | string | Maximum length: 35 |
| portal-url | SP portal URL. | string | Maximum length: 255 |
| entity-id | SP entity ID. | string | Maximum length: 255 |
| single-sign-on-url | SP single sign-on URL. | string | Maximum length: 255 |
| single-logout-url | SP single logout URL. | string | Maximum length: 255 |
| idp-entity-id | IDP entity ID. | string | Maximum length: 255 |
| idp-single-sign-on-url | IDP single sign-on URL. | string | Maximum length: 255 |
| idp-single-logout-url | IDP single logout URL. | string | Maximum length: 255 |
| idp-cert | IDP certificate name. | string | Maximum length: 35 |
| server-address | Server address. | string | Maximum length: 63 |
| tolerance | Tolerance to the range of time when the assertion is valid (in minutes). | integer | Minimum value: 0; Maximum value: 4294967295 |
| life | Length of the range of time when the assertion is valid (in minutes). | integer | Minimum value: 0; Maximum value: 4294967295 |

config service-providers

| Parameter name | Description | Type | Size |
|---|---|---|---|
| prefix | Prefix. | string | Maximum length: 35 |
| sp-cert | SP certificate name. | string | Maximum length: 35 |
| sp-entity-id | SP entity ID. | string | Maximum length: 255 |
| sp-single-sign-on-url | SP single sign-on URL. | string | Maximum length: 255 |
| sp-single-logout-url | SP single logout URL. | string | Maximum length: 255 |
| sp-portal-url | SP portal URL. | string | Maximum length: 255 |
| idp-entity-id | IDP entity ID. | string | Maximum length: 255 |
| idp-single-sign-on-url | IDP single sign-on URL. | string | Maximum length: 255 |
| idp-single-logout-url | IDP single logout URL. | string | Maximum length: 255 |

config assertion-attributes

| Parameter name | Description | Type | Size |
|---|---|---|---|
| type | Type. Options: username (User Name.); email (Email address.) | option | - |
