Hope someone can help me with this issue.
I'm testing PrivacyIDEA TOTP with FortiGate SSL-VPN.
I have configured SSL-VPN on the FortiGate unit and all related policies.
I have configured the NPS server to forward authentications to PI as in this link: https://netknights.it/en/nps-2012-for-two-factor-authentication-with-privacyidea/
I have configured VSAs (Vendor Attributes) to match members of the AD group LAB.
I'm testing with two AD users:
And AD Group: “LAB”.
User1 is a Member of LAB group.
User2 is NOT a member of LAB Group
When I try to log in to SSL-VPN with User1, the login succeeds.
When I try to log in with User2, the login ALSO succeeds.
User2 is NOT a member of the LAB group and is supposed to be denied.
My Policy in PrivacyIDEA
Thank you for your help.