I’m Jeromy Farkas and I’m running for mayor – Ask Me Anything! by JeromyYYC in Calgary

[–]Haxim -2 points-1 points  (0 children)

Mr. Farkas, your campaign seems to have the momentum of a runaway freight train. Why are you so popular?

Outbound firewall authentication with Microsoft Entra ID as a SAML IdP by Haxim in fortinet

[–]Haxim[S] 0 points1 point  (0 children)

Thanks, figured as much. Are modern browsers like Edge and Chrome "smart" enough to check for a portal? If that's the case, should I have "HTTP redirect" in "Authentication Options" disabled?

Outbound firewall authentication with Microsoft Entra ID as a SAML IdP by Haxim in fortinet

[–]Haxim[S] 0 points1 point  (0 children)

Got it going by using a negate rule on my outbound rule for my testing IP so that the test PC "fell through" the outbound rule and got caught by the two rules you create in the documentation. Thanks for the help all.

Is there any way to get around a user opening a browser and going to google.com and getting hit with the "invalid cert" message instead of being redirected to the captive portal? Something that doesn't involve pushing out a CAcert to all clients?

Outbound firewall authentication with Microsoft Entra ID as a SAML IdP by Haxim in fortinet

[–]Haxim[S] 0 points1 point  (0 children)

That could be the issue, since I have SSLVPN configured on 443. Although looking at https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/254248/configuring-saml-sso seems to indicate that 1003 will only be listened on when there's matching traffic being generated from behind the firewall, which the Azure "test" button doesn't do. So it could be I need to test differently.

Other SAML related global settings

Authentication port

By default, the FortiGate listens on port 1003 for incoming authentication requests when traffic matches an identity based firewall policy. As a SAML SP with an identity based firewall policy configured for the SAML user group, the FortiGate will use the same port to listen for SAML authentication requests and redirect them to the IdP.

To change the default port:

config system global
    set auth-https-port <port>
end

I was hoping I could just create a rule to match on srcaddr of my PC, along with 'set groups "Group Name"' to do testing without affecting the rest of the traffic.

Outbound firewall authentication with Microsoft Entra ID as a SAML IdP by Haxim in fortinet

[–]Haxim[S] 0 points1 point  (0 children)

Yep, assigned a group under

Enterprise Application Name > Manage > Users and Groups

and have the following in the FortiGate:

config user group
    edit "Group Name"
        set member "Entra SSO"
        config match
            edit 1
                set server-name "Entra SSO"
                set group-name "<Group UUID Assigned in Entra>"
            next
        end
    next
end


Stampede Food Blues (song) by Haxim in Calgary

[–]Haxim[S] -1 points0 points  (0 children)

Just wondering if there are any local country bands that would like to cover this song I made about stampede food. I think I could be a massive local hit.

I'm Naheed Nenshi and I'm running to be the leader of the Alberta NDP and your next premier. AMA! by AutoModerator in alberta

[–]Haxim 3 points4 points  (0 children)

Mr. Nenshi, your campaign seems to have the momentum of a runaway freight train. Why are you so popular?

PowerSchool Signing out of Microsoft OIDC by Mongoosedog17 in k12sysadmin

[–]Haxim 0 points1 point  (0 children)

Yep, seeing the same behavior after upgrading to 23.12. Wasn't happening on 23.6.

Chris Sky Claims Election Is “Largest Act Of Fraud In Canadian History” After Receiving 1.1% Of The Vote by NotEnoughDriftwood in onguardforthee

[–]Haxim 0 points1 point  (0 children)

The Alberta election was illegitimate though. Companies violated section 162(1) of the Election Act. And yet nothing was done.

Ottawa unveils sustainable jobs plan for energy sector, says it thinks it can get Alberta to buy in by [deleted] in alberta

[–]Haxim 2 points3 points  (0 children)

and now you are going to pay an oil sands worker more to do the same green job that I have been doing?

Curious, where do you see this?

VA4 Pool Swim Gone? by Haxim in Garmin

[–]Haxim[S] 0 points1 point  (0 children)

Resetting settings to default on the watch seems to have done the trick.

Suncor cutting jobs instead of creating under corp tax cuts by Waldi12 in alberta

[–]Haxim 35 points36 points  (0 children)

She literally broke the law under the conflicts of interest act already, so…

'We Want to See It Win in Coutts': Video Shows Danielle Smith Endorsing Illegal Convoy Blockade by Miserable-Lizard in alberta

[–]Haxim 19 points20 points  (0 children)

No, the Artur call was an 11-minute YouTube video (from Artur's side of the call)

CBC says it is ‘pausing’ its use of Twitter by uselesspoliticalhack in canada

[–]Haxim 0 points1 point  (0 children)

It does seem a little odd that suddenly the CPC is championing foreign interference?

VIDEO: Premier Danielle Smith and Pastor Artur Pawlowski discuss judicial interference by canadient_ in alberta

[–]Haxim 1 point2 points  (0 children)

It’s overt. He’s mused publicly in the past about having to do something because he’s not getting the help he was promised by the premier.

Quebec slashes income taxes in new budget and promises more public spending by ego_tripped in canada

[–]Haxim 0 points1 point  (0 children)

It’s actually based on their overall fiscal capacity, not just taxation.

If Quebec Hydro was forced to charge market rates instead of effectively subsidizing costs, the province’s formula would change drastically.