Single Sign-On (SSO) allows users to transparently log in to FotoWeb when running with Internet Explorer in a Windows Network.
FotoWeb must be installed in the same domain as the users. IIS must be configured to use Windows Authentication.
All users must exist in Active Directory and be logged in to the domain on their computers.
Users must be using Internet Explorer on Windows computers for full functionality. Flash applets will not work in other browsers than Internet Explorer when using SSO.
User accounts in FotoWeb must be set up with Trusted Authentication (or imported via Active Directory integration). The username in FotoWeb must be the same as the username in AD.
The FotoWeb site must be added to the Local Intranet zone in Internet Explorer.
All users must log in using SSO. It is not possible to use SSO for only a subset of the user database.
Also note: If FotoWeb's Guest account is disabled (i.e. "locked out"), FotoWeb will redirect site calls to the built-in homepage, omitting login and presenting users with a login box even if SSO has been enabled. Hence, you should take care not to lock out the guest account if you choose to use SSO.
FotoWeb Desktop for Mac cannot connect to servers that have been configured with Single Sign-on. Mac users can log on to the FotoWeb site through a web browser using a valid user name and password, but will not be able to use the Flash upload tool from the web interface.
Enable the Enable single sign-on option in the Site Properties | Miscellaneous tab in the Site administration.
In Computer Management, verify that the FotoWare Process Account user (set in the Operations Center) is a member of the IIS_IUSRS group.
In Internet Information Services, verify that FotoWeb's Application Pool is set to run using the Process Account that you have set in the Operations Center.
On the /fotoweb virtual directory in Internet Information Services, click Authentication. Disable Anonymous Authentication, and enable Windows Authentication.
If you want to allow other browsers than Internet Explorer, also enable the ‘Basic authentication’ option. Users with other browsers that Internet Explorer will then be asked to fill in a username and password when logging in.
SSO requires enabling Active Directory integration in FotoWeb. Having done so, you must also import the AD groups you want to give access on the Groups tab in the FotoWeb site configuration.
Restart FotoWeb and Internet Information Services.
Enable the Enable single sign-on option in the Site Properties | Miscellaneous tab in the Site administration.
In Computer Management, verify that the FotoWare Process Account user is a member of the IIS_WPG group.
In Internet Information Services, verify that FotoWeb's Application Pool is set to run using the Process Account that you have set in the Operations Center.
On the /fotoweb virtual directory in Internet Information Services, Directory Security tab, Authentication and access control (click Edit), disable the option ‘Enable anonymous access’ and enable ‘Integrated Windows authentication’.
If you want to allow other browsers than Internet Explorer, also enable the ‘Basic authentication’ option. Users with other browsers that Internet Explorer will then be asked to fill in a username and password when logging in.
Verify that the /fotoweb virtual directory is part of the FotoWeb application pool.
SSO requires enabling Active Directory integration in FotoWeb. Having done so, you must also import the AD groups you want to give access on the Groups tab in the FotoWeb site configuration.
Restart FotoWeb and Internet Information Services
In Internet Explorer, go to the Tools | Internet Options menu.
On the Security tab, click Local Intranet sites.
Click the Sites button.
Click on Advanced.
Type in the URL to the FotoWeb server, e.g. http://fotoweb.fotoware.com/ or http://fwserver/
Disable Require server verification for all sites in this zone.
Click Close, and OK in the Internet Options dialog.
Type in the URLto the FotoWeb server. You should be automatically logged in if your username is identical to an account in FotoWeb that has OS Authentication set.
Tip: If you still reach the login screen when connecting to FotoWeb, clear you browser cache, removing cookies, and restart your browser.
It is recommended that you distribute the list of trusted sites via a group policy in larger networks.
HTTP Error 401
Please see http://support.microsoft.com/kb/871179 if you receive an HTTP 401 error when using Single Sign-On.