Setting up SAML authentication
Adding the FotoWare application to your SAML provider
Example: Okta setup
Okta is an Identity Provider, which is used as an example to illustrate how to configure FotoWare to work with an IdP. The procedure may vary slightly depending on the type of IdP being used.
Create an application in your SAML provider's management console and set the following parameters:
Single sign on URL (aka Assertion Consumer Service URL or ACS URL)
Use the hostname to your FotoWare server followed by /fotoweb/auth/saml20/consume/, for example: https://example.fotoware.cloud/fotoweb/auth/saml20/consume/
Important: Remember to include the final forward slash at the end of the URL, as seen above.
Issuer ID / Audience URI:
The Audience URI should match the correct Issuer ID - the site URL - including a final forward slash, like in this example:
https://example.fotoware.cloud/fotoweb/
Important: Remember to include the final forward slash at the end of the URL, as seen above.
Attribute statements
In the Attribute statements section, map the FotoWare attributes to those of your SAML provider.
The screenshot below shows the mapping between FotoWare and Okta, where the FotoWare attributes are shown in the left column (email, givenName, sn, username), and the corresponding Okta values are shown in the right column.
Important Notes:
- The names of the attributes in FotoWare can be customized, for instance, to accommodate IdPs that send a fixed attribute value.
- Additional attributes can be added to import more information about users, such as group membership.