Fortinet black logo

CLI Reference

config system saml

config system saml

Global settings for SAML authentication.

config system saml
    Description: Global settings for SAML authentication.
    set binding-protocol [post|redirect]
    set cert {string}
    set default-login-page [normal|sso]
    set default-profile {string}
    set entity-id {string}
    set idp-cert {string}
    set idp-entity-id {string}
    set idp-single-logout-url {string}
    set idp-single-sign-on-url {string}
    set life {integer}
    set portal-url {string}
    set role [identity-provider|service-provider]
    set server-address {string}
    config service-providers
        Description: Authorized service providers.
        edit <name>
            set prefix {string}
            set sp-binding-protocol [post|redirect]
            set sp-cert {string}
            set sp-entity-id {string}
            set sp-single-sign-on-url {string}
            set sp-single-logout-url {string}
            set sp-portal-url {string}
            set idp-entity-id {string}
            set idp-single-sign-on-url {string}
            set idp-single-logout-url {string}
            config assertion-attributes
                Description: Customized SAML attributes to send along with assertion.
                edit <name>
                    set type [username|email|...]
                next
            end
        next
    end
    set single-logout-url {string}
    set single-sign-on-url {string}
    set status [enable|disable]
    set tolerance {integer}
end

config system saml

Parameter

Description

Type

Size

Default

binding-protocol

IdP Binding protocol.

option

-

redirect

Option

Description

post

HTTP POST binding.

redirect

HTTP Redirect binding.

cert

Certificate to sign SAML messages.

string

Maximum length: 35

default-login-page

Choose default login page.

option

-

normal

Option

Description

normal

Use local login page as default.

sso

Use IdP's Single Sign-On page as default.

default-profile

Default profile for new SSO admin.

string

Maximum length: 35

entity-id

SP entity ID.

string

Maximum length: 255

idp-cert

IDP certificate name.

string

Maximum length: 35

idp-entity-id

IDP entity ID.

string

Maximum length: 255

idp-single-logout-url

IDP single logout URL.

string

Maximum length: 255

idp-single-sign-on-url

IDP single sign-on URL.

string

Maximum length: 255

life

Length of the range of time when the assertion is valid (in minutes).

integer

Minimum value: 0 Maximum value: 4294967295

30

portal-url

SP portal URL.

string

Maximum length: 255

role

SAML role.

option

-

service-provider

Option

Description

identity-provider

Identity Provider.

service-provider

Service Provider.

server-address

Server address.

string

Maximum length: 63

single-logout-url

SP single logout URL.

string

Maximum length: 255

single-sign-on-url

SP single sign-on URL.

string

Maximum length: 255

status

Enable/disable SAML authentication.

option

-

disable

Option

Description

enable

Enable SAML authentication.

disable

Disable SAML authentication.

tolerance

Tolerance to the range of time when the assertion is valid (in minutes).

integer

Minimum value: 0 Maximum value: 4294967295

5

config service-providers

Parameter

Description

Type

Size

Default

name

Name.

string

Maximum length: 35

prefix

Prefix.

string

Maximum length: 35

sp-binding-protocol

SP binding protocol.

option

-

post

Option

Description

post

HTTP POST binding.

redirect

HTTP Redirect binding.

sp-cert

SP certificate name.

string

Maximum length: 35

sp-entity-id

SP entity ID.

string

Maximum length: 255

sp-single-sign-on-url

SP single sign-on URL.

string

Maximum length: 255

sp-single-logout-url

SP single logout URL.

string

Maximum length: 255

sp-portal-url

SP portal URL.

string

Maximum length: 255

idp-entity-id

IDP entity ID.

string

Maximum length: 255

idp-single-sign-on-url

IDP single sign-on URL.

string

Maximum length: 255

idp-single-logout-url

IDP single logout URL.

string

Maximum length: 255

config assertion-attributes

Parameter

Description

Type

Size

Default

name

Name.

string

Maximum length: 35

type

Type.

option

-

username

Option

Description

username

User Name.

email

Email Address.

profile-name

Profile Name.

config system saml

Global settings for SAML authentication.

config system saml
    Description: Global settings for SAML authentication.
    set binding-protocol [post|redirect]
    set cert {string}
    set default-login-page [normal|sso]
    set default-profile {string}
    set entity-id {string}
    set idp-cert {string}
    set idp-entity-id {string}
    set idp-single-logout-url {string}
    set idp-single-sign-on-url {string}
    set life {integer}
    set portal-url {string}
    set role [identity-provider|service-provider]
    set server-address {string}
    config service-providers
        Description: Authorized service providers.
        edit <name>
            set prefix {string}
            set sp-binding-protocol [post|redirect]
            set sp-cert {string}
            set sp-entity-id {string}
            set sp-single-sign-on-url {string}
            set sp-single-logout-url {string}
            set sp-portal-url {string}
            set idp-entity-id {string}
            set idp-single-sign-on-url {string}
            set idp-single-logout-url {string}
            config assertion-attributes
                Description: Customized SAML attributes to send along with assertion.
                edit <name>
                    set type [username|email|...]
                next
            end
        next
    end
    set single-logout-url {string}
    set single-sign-on-url {string}
    set status [enable|disable]
    set tolerance {integer}
end

config system saml

Parameter

Description

Type

Size

Default

binding-protocol

IdP Binding protocol.

option

-

redirect

Option

Description

post

HTTP POST binding.

redirect

HTTP Redirect binding.

cert

Certificate to sign SAML messages.

string

Maximum length: 35

default-login-page

Choose default login page.

option

-

normal

Option

Description

normal

Use local login page as default.

sso

Use IdP's Single Sign-On page as default.

default-profile

Default profile for new SSO admin.

string

Maximum length: 35

entity-id

SP entity ID.

string

Maximum length: 255

idp-cert

IDP certificate name.

string

Maximum length: 35

idp-entity-id

IDP entity ID.

string

Maximum length: 255

idp-single-logout-url

IDP single logout URL.

string

Maximum length: 255

idp-single-sign-on-url

IDP single sign-on URL.

string

Maximum length: 255

life

Length of the range of time when the assertion is valid (in minutes).

integer

Minimum value: 0 Maximum value: 4294967295

30

portal-url

SP portal URL.

string

Maximum length: 255

role

SAML role.

option

-

service-provider

Option

Description

identity-provider

Identity Provider.

service-provider

Service Provider.

server-address

Server address.

string

Maximum length: 63

single-logout-url

SP single logout URL.

string

Maximum length: 255

single-sign-on-url

SP single sign-on URL.

string

Maximum length: 255

status

Enable/disable SAML authentication.

option

-

disable

Option

Description

enable

Enable SAML authentication.

disable

Disable SAML authentication.

tolerance

Tolerance to the range of time when the assertion is valid (in minutes).

integer

Minimum value: 0 Maximum value: 4294967295

5

config service-providers

Parameter

Description

Type

Size

Default

name

Name.

string

Maximum length: 35

prefix

Prefix.

string

Maximum length: 35

sp-binding-protocol

SP binding protocol.

option

-

post

Option

Description

post

HTTP POST binding.

redirect

HTTP Redirect binding.

sp-cert

SP certificate name.

string

Maximum length: 35

sp-entity-id

SP entity ID.

string

Maximum length: 255

sp-single-sign-on-url

SP single sign-on URL.

string

Maximum length: 255

sp-single-logout-url

SP single logout URL.

string

Maximum length: 255

sp-portal-url

SP portal URL.

string

Maximum length: 255

idp-entity-id

IDP entity ID.

string

Maximum length: 255

idp-single-sign-on-url

IDP single sign-on URL.

string

Maximum length: 255

idp-single-logout-url

IDP single logout URL.

string

Maximum length: 255

config assertion-attributes

Parameter

Description

Type

Size

Default

name

Name.

string

Maximum length: 35

type

Type.

option

-

username

Option

Description

username

User Name.

email

Email Address.

profile-name

Profile Name.