FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
smaruvala
Staff
Article Id 311208
Description

This article describes how FortiClient provides the flexibility to choose either an external browser or a FortiClient-embedded browser for SAML authentication. If an external browser is used, the credentials are cached in browser cookies.

This leads to authentication being bypassed when the user reconnects to FortiClient.

This negates the Single Log Out feature of SAML. The KB article explains how this can be solved using the FortiClient EMS setting.

Scope

FortiClient v7.2, FortiClient EMS v7.2

Solution
  1. From the FortiClient EMS Server, edit the desired SSL VPN tunnel from a 'Remote Access' profile, and add the command in the 'On Disconnect' script.
  2. The location of the cookie file depends on the default browser. For the Google Chrome browser, the cookie file is stored in C:\users\%username%\AppData\Local\Google\Chrome\"User Data"\Default\Network\Cookies.
  3. The configuration file shows the command entered in the On Disconnect Script section.
  4. The command is executed once the FortiClient VPN is disconnected, and the cookie file is deleted.
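
One way to write the cleanup described in the steps above, as an added example (this is not the command from the article's screenshots and not Fortinet's own script). It assumes the On Disconnect script is run as Windows batch in the signed-in user's context and that Chrome's Default profile is in use; the log file name is hypothetical.

```batch
@echo off
rem Added example: delete the Chrome cookie file when the VPN disconnects,
rem and record whether the deletion actually happened.
rem Assumptions: runs as batch in the signed-in user's context; Chrome Default profile.
setlocal

rem Cookie file location given in the article for Google Chrome.
set "COOKIE_FILE=C:\Users\%username%\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"

rem Hypothetical log location, used only by this example.
set "LOG_FILE=%TEMP%\vpn-saml-cookie-cleanup.log"

if not exist "%COOKIE_FILE%" (
    >>"%LOG_FILE%" echo %DATE% %TIME% no cookie file found, nothing to delete
    exit /b 0
)

del /f /q "%COOKIE_FILE%" 2>nul

rem del does not set a reliable errorlevel on failure, so test for the file instead.
if exist "%COOKIE_FILE%" (
    >>"%LOG_FILE%" echo %DATE% %TIME% FAILED to delete cookie file, it may still be open in a running browser
    exit /b 1
)

>>"%LOG_FILE%" echo %DATE% %TIME% cookie file deleted
exit /b 0
```

Deleting this file clears every cookie in the Chrome Default profile, not only the identity provider's session cookie, and a logged failure means the cached SAML session is still present for the next connection.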