For Customers Currently Using or Considering SSO Integration with FortiGate

Target

• Customers using Access Control and FortiGate with single sign-on (SSO) integration
• Customers considering SSO integration with FortiGate

Details

Due to a specification change in FortiGate (FortiOS), we have confirmed an issue where SSO with Access Control cannot be performed correctly.

・Affected versions
Version 7.2.x: 7.2.12 and later
Version 7.4.x: 7.4.9 and later
Version 7.6.x: 7.6.4

Added on Thursday, March 5, 2026: In version 7.4.10, it is now possible to change the signature verification settings.
For details, please refer toChanging Signature Verification Settings in FortiGate (FortiOS).

Added on Tuesday, December 16, 2025: In version 7.6.5, it is now possible to change the signature verification settings.
For details, please refer toChanging Signature Verification Settings in FortiGate (FortiOS).

Due to this specification change, the identity provider (IdP) is required to sign both the assertion and the response in the SAML response. Currently, Access Control's SAML SSO only supports signing either the assertion or the response, and does not support signing both.

Overview of FortiGate Specification Changes

• https://docs.fortinet.com/document/fortigate/7.2.12/fortios-release-notes/684249/saml-certificate-verification (external link)
• https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SAML-Authentication-fails-after-firmware/ta-p/407859 (external link)

Changing Signature Verification Settings in FortiGate (FortiOS)

In version 7.6.5 and versions 7.4.10 and later, it has been confirmed that the signature verification settings can be changed.
Please follow the "Response and assertion signing" steps in the manual below and change [require-signed-resp-and-asrt] to [disable].
 

・Version 7.6.5
https://docs.fortinet.com/document/fortigate/7.6.5/administration-guide/736845/saml (external link)
 

・Version 7.4.10
https://docs.fortinet.com/document/fortigate/7.4.10/administration-guide/736845/saml (external link)

* For details on the configuration method, please contact Fortinet.

Support for Other Versions

Regarding version 7.2.x, we have information that this will be addressed in the upcoming version 7.2.14. However, for further details, we kindly ask that you contact Fortinet directly as needed.