Skip to main content
Documentation & User Guides | Fotoware

Integrated Windows Authentication and your choice of web browser

To facilitate SSO (Single Sign-On) through the web browser when using FotoWeb Authentication or Windows Active Directory Authentication, Windows Integrated Authentication is used. Because this functionality is not available on non-Windows clients, SSO is not available to users of these platforms when using these authentication mechanisms. If using a non-Windows client platform, consider using SAML (Security Assertion Markup Language) authentication.

Microsoft Edge and Google Chrome

These browsers all use the Internet Settings in Windows Control Panel. For SSO to work, you must add the FotoWeb site to the Local intranet zone, as shown below.

Windows Internet Options.png

Windows Internet Options - add to local intranet zone.png

Firefox browser

You will need to add the FotoWeb site to the list of trusted URLs in Firefox.

To do so:

  1. Open Firefox and enter about:config in the address bar
    A warning appears, select I'll be careful to proceed
  2. In the search/filter field enter ntlm.
  3. Set network.automatic-ntlm-auth.trusted-uris to the FotoWeb DNS name (for example, http://company.com).
  4. Set network.automatic-ntlm-auth.allow-non-fqdn to True by right-clicking the Value column and selecting Toggle.
  5. In the search/filter field enter negotiate.
  6. Set network.negotiate-auth.trusted-uris to the FotoWeb DNS name (for example, http://company.com).
  7. Set network.negotiate-auth.allow-non-fqdn to True by right-clicking the Value column and selecting Toggle.
  8. Select OK if present.
  9. Restart Firefox.

Note:

  • Steps 2-4 are only necessary if the client is not a member of the domain. This enables the NTLM fallback mechanism to allow the client to authenticate with a username and password.
  • Steps 4 and 7 are only necessary if you're using a non-FQDN (such as a netbios name). When using a fully qualified domain name, these steps are not required-

macOS browsers

Integrated Windows Authentication requires Kerberos token support on the client. See the documentation for macOS and your browser vendor for information about how to establish Kerberos trust on macOS computers.