Use this checklist as a starting point when troubleshooting SSO.
Note: Windows Active Directory SSO is deprecated and should not be used in new installations of FotoWeb. For customers with existing systems configured with AD SSO (Legacy), we recommend switching to either SAML or Azure AD, if possible.
What to check first
- Verify that the protocol and port in the FotoWeb site settings are set correctly. (HTTP = Port 80, HTTPS = Port 443). You can do this in the FotoWare Settings app:
- If HTTPS is used, a trusted certificate must be used on the FotoWeb server. Ideally, certificates should be CA-signed. Self-signed certificates must be made trusted.
Note: We do not recommend using self-signed certificates in production systems.
- In the IIS Manager, go to the website where FotoWeb is installed and verify in Bindings that the HTTPS binding (port 443) is bound to All Unassigned rather than to one specific IP address.
- You may need to restart FotoWeb services.
1. Using the Windows Task Manager or Process Explorer, verify that BuiltinAuthenticationProvider.exe is running without repeatedly restarting. If it is continually starting up and terminating, something is not right.
2. Note the precise error messages that appear. It is helpful if you can provide FotoWare Support with screenshots or video recordings of the behaviour experienced.
Known issues with Windows authentication
Note: Windows Authentication is deprecated and has been superseded by SAML + ADFS.
1. Windows authentication does not work with the Apache (build-in) web server, only with IIS.
2. Windows authentication does not work on secondary FotoWeb sites
3. Windows authentication has issues with multiple domains and domain forests.