Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  1. Fotoware Alto
    • 11.14 Schreckhorn
    • Terminology
    • Solutions
    • User Guide - Deutsch
    • User Guide - English
    • API Changelog
  2. Fotoware Veloz
    • Managing users and groups
    • Configuring archives
    • Configuring workflows
    • Configuring site behavior
    • Navigating and searching to find your assets
    • Working with your assets
    • Editing asset metadata
    • Uploading files
    • Version Control in Fotoware
    • Albums - Creating and sharing collections
    • Placing assets in a CMS
    • Working with the Fotoware Pro interface
    • Using the Fotoware plugins
    • Consent management
    • User guide to FotoWeb for iPad (Legacy)
    • Picture conferencing with FotoWeb Screens (Legacy)
    • What's what in Fotoware
    • GDPR
    • Fotoware Veloz releases
    • Activity Exports
    • Fotoware Example Workflows
  3. Fotostation
    • Getting started with Fotostation
    • Viewing, selecting and sorting files
    • Managing your assets with archives
    • Adding metadata to assets
    • Searching for assets
    • Working with your assets
    • Version Control in Fotostation
    • Automating tasks with Actions
    • Configuring metadata fields and editors
    • Configuring Fotostation
    • Configuring Fotostation for multi-user environments
    • Troubleshooting Fotostation
  4. Fotoware Flow
    • What is Flow?
    • Getting started
    • Flow dictionary
  5. Fotoware On-Premises
    • Getting started
    • Index Manager
    • FotoWeb
    • Color Factory
    • Connect
    • Operations Center Guide
  6. Integrations and APIs
    • The Fotoware API
    • Creating integrations using embeddable widgets
    • Authorizing applications using OAuth
    • Auto-tagging
    • FotoWeb Drag and Drop export
    • Integration using webhooks
    • Optimizely and Episerver plugin documentation
    • User Interface Integrations
  7. Fotoware Mobile
    • User guide for Fotoware Mobile for iPhone and Android
    • User guide to FotoWeb for iPad (Legacy)
    • User guide to FotoWeb for iPhone and Android (Legacy)

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Support

Table of Contents

Warning Prerequisites Setting up the ADFS Server Setting up Web Application Proxy Note:
  • Home
  • Fotoware On-Premises
  • FotoWeb
  • Managing users and groups (On-Premises)
  • Configuring authentication providers and single sign-on in FotoWare (On-Premises)
  • SAML Authentication (On-Premises)

Setting up Active Directory Federation Services (ADFS)

30. April 2025

Elaine Foley

Table of Contents

Warning Prerequisites Setting up the ADFS Server Setting up Web Application Proxy Note:

Setting up and maintaining ADFS is outside the scope of FotoWeb. Therefore, these instructions are basic and not necessarily suitable and secure enough for production systems. For more information, see Microsoft Active Directory Federation Services documentation or consult your IT administrator.

Warning

For security reasons, do NOT expose the primary ADFS server (port 443) on the open internet! If users need to be able to use ADFS sign-in from outside the organization's internal network, see Setting up Web Application Proxy.

Prerequisites

  • An on-premises Active Directory domain
  • Windows Server 2022, 2019, or 2016
  • At least one server in the organization's domain that serves as ADFS server (may be the same as the domain controller)
  • (Optional) At least one server in the organization's domain that serves as CA root server (may be the same as the domain controller and/or ADFS server)
  • (Optional) A separate server in the DMZ that serves as a Web Application Proxy

Setting up the ADFS Server

  1. Go to Server Manager > Manage > Add Roles and Features.
    1. Select the Active Directory Federation Services role.
    2. Install the role with default options.
  2. Open the post-install configuration wizard for ADFS from the notification menu in Server Manager.
    1. Select Create the first server in a federation server farm.
    2. When asked for a certificate, either import a certificate from a file or enroll a certificate from your enterprise CA (if available).
    3. Select a user-friendly display name (this is displayed to the end-user when signing in).
    4. Specify a service account. You can use a regular user account or a group-managed account by following the instructions provided by the wizard.
    5. Finish the wizard.

 For more information, see the Microsoft Active Directory Federation Services documentation. 

Setting up Web Application Proxy

The ADFS server should not be exposed to the internet. If users need to be able to use ADFS sign-in from outside the organization's internal network, then the solution is to set up a Web Application Proxy on a separate server in the DMZ.

Note: Web Application Proxy MUST use HTTPS for encrypting credentials in transit. It is strongly recommended to use a certificate signed by a public CA.

Web Application Proxy does not need to be a member of the organization's domain. Not joining the domain can be more secure, but may also make it more difficult to manage the server.

Note:

  • Even when using Fotoware Veloz with ADFS, it is not normally necessary to use a Web Application Proxy. As long as all users are logging in from their organization's internal network, where they can access the ADFS server directly, this also works with Fotoware Veloz.
  • An alternative to Web Application Proxy is to set up a VPN so users from outside the internal network of their organization can also access the primary ADFS server directly and securely. This approach is not documented here.
  1. Install the Web Application Proxy role
    1. Open Server Manager.
    2. Add the Remote Access role.
    3. Add the Web Application Proxy role service under Remote Access.

Import TLS certificate to be used by the Web Application Proxy.

The certificate must have a subject name (CN) that matches the service name of the ADFS server (for example, adfs.yourdomain.org).

If you create the certificate in your enterprise root CA on a computer within your domain, and the Web Application Proxy server is not a member of your domain, you must export and import the certificate. When enrolling the certificate, make sure to make its private key exportable. Then, export the certificate with the private key and copy it to the Web Application Proxy server. Do not make the private key exportable when importing the certificate again. You may want to delete all copies containing the private key, including the original. Machines outside your domain will not trust such a certificate, so this approach is not recommended.

  1. Configure Web Application Proxy
    1. Open the Web Application Proxy Configuration Wizard (you can use the notification icon in Server Manager).
    2. Enter the name of the ADFS server and credentials for an administrator user on the ADFS server.
    3. Select the TLS certificate.
    4. Finish the wizard.
 
 
adfs setup federation services

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Installing Index Manager
  • Installing FotoWeb
  • Installing Fotoware in an offline environment
eco-lighthouse-miljøfyrtårn

Company

  • About us
  • Resellers
  • Careers
  • Contact us

Help & support

  • Support center
  • Consultancy
  • Tech partners
  • Fotostation
  • System status

Trust Center

  • Legal
  • Security
  • Sustainability & ESG

Locations

Fotoware AS (HQ)
Tollbugata 35
0157 OSLO
Norway
FotoWare Switzerland AG
Industriestrasse 25
5033 Buchs (AG)
Switzerland

Copyright 2025 Fotoware All rights reserved.

  • Terms of service
  • Privacy policy
  • Cookie policy

Knowledge Base Software powered by Helpjuice

Expand