SharePoint 2013 InfoPath External Connections with Kerberos
-
10-12-2019 - |
Question
Environment
- 2 App
- 2 WFE
- 1 DB
C2WTS account- domain\AppPool (Log on as service/act as OS/Impersonate auth policy on all 4 servers)
IIS Kernel mode - off
Delegation for the all four servers:
Using UDC Connection (also tried without):
<udc:Authentication><udc:SSO AppId='InfoPathUDC' CredentialType='Kerberos' /></udc:Authentication>
SPN for domain\appool
HTTP/sharepoint
HTTP/sharepoint.domain.com
I'm trying to get external data to query correctly inside InfoPath forms as a data connection with Kerberos (to bypass the doublehop), which is a web service from another server. I haven't had this working, however it was working correctly in 2007 (due to classic mode). Not sure what the deal is here, but I keep getting unauthorized (401) or , and I'm assuming it's due to the claims token. Any ideas?
Solution
I've found that the only way to make this work in SharePoint 2013 with Claims Auth is through the Secure Store Service. InfoPath Services does NOT use the Claims to Windows Token Service. You need to tie the infopath data connection to a UDCX, and have the authentication point to the SecureStore Service Target Application ID that will then authenticate to the web service in the InfoPath.
Reference: http://blogs.msdn.com/b/chandru/archive/2013/02/26/using-web-services-in-infopath-forms-in-sp15.aspx