SharePoint 2013 InfoPath External Connections with Kerberos

sharepoint.stackexchange https://sharepoint.stackexchange.com//questions/95205

Question

Environment

  • 2 App
  • 2 WFE
  • 1 DB

C2WTS account- domain\AppPool (Log on as service/act as OS/Impersonate auth policy on all 4 servers)

IIS Kernel mode - off

Delegation for the all four servers:

enter image description here

Using UDC Connection (also tried without):

<udc:Authentication><udc:SSO AppId='InfoPathUDC' CredentialType='Kerberos' /></udc:Authentication>

SPN for domain\appool

HTTP/sharepoint

HTTP/sharepoint.domain.com

I'm trying to get external data to query correctly inside InfoPath forms as a data connection with Kerberos (to bypass the doublehop), which is a web service from another server. I haven't had this working, however it was working correctly in 2007 (due to classic mode). Not sure what the deal is here, but I keep getting unauthorized (401) or , and I'm assuming it's due to the claims token. Any ideas?

Was it helpful?

Solution

I've found that the only way to make this work in SharePoint 2013 with Claims Auth is through the Secure Store Service. InfoPath Services does NOT use the Claims to Windows Token Service. You need to tie the infopath data connection to a UDCX, and have the authentication point to the SecureStore Service Target Application ID that will then authenticate to the web service in the InfoPath.

Reference: http://blogs.msdn.com/b/chandru/archive/2013/02/26/using-web-services-in-infopath-forms-in-sp15.aspx

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange
scroll top