This article describes how to fix the error ‘Response validation failed. SAML response rejected’ that appears when logging in to FortiAnalyzer/FortiManager using FortiCloud SSO.
Scope
FortiManager, FortiAnalyzer, FortiCloud.
Solution
Prerequisite
Enable ‘Allow admins to login with FortiCloud’ in System Settings > Admin > SAML SSO.
Step 1: Only the account ID/email registered with the FortiAnalyzer/FortiManager serial number can access the device through SSO login without an IAM user or permission profile having to be created.
Example
Registered email for FortiAnalyzer serial number FAZ-VMTMXXXXXXXX: [email protected] (Account ID: 9xxxxxx1).
When logging in to FortiAnalyzer using FortiCloud SSO, the FortiCloud login page opens; proceed to the EMAIL LOGIN page and enter the [email protected] credentials.
Step 2: Any other user must be created as an IAM user inside the [email protected] account and assigned a Permission Profile that has FortiOS SSO enabled.
Example
A Permission Profile named ‘SSO user’ is created with the FortiOS SSO portal enabled and SuperAdmin as the Access Type.
Example: IAM user [email protected] is created and assigned the ‘SSO user’ permission profile.
Step 3: After the IAM user is created, the user must verify their email before logging in with FortiCloud SSO in FortiAnalyzer/FortiManager. Proceed to log in using IAM LOGIN with the [email protected] account (Account ID: 9xxxxxx1) and the [email protected] credentials.
Note: The Account ID is located under the username dropdown.
Step 4: After the IAM user’s email is verified, log in to FortiAnalyzer/FortiManager using FortiCloud SSO.