Database Reference
In-Depth Information
The Double-Hop Issue
Take a look at the error message in Figure
4-29
. Basically, this means that although
you can use impersonated credentials locally, Windows won't forward impersonated
credentials to a remote resource (the second hop), so the user's identity is lost even
before reaching the back end. And in this scenario SharePoint can't pass the credentials
of the logged-in user all the way to the back end via the services.
What you need is a mechanism by which the logged-in user is impersonated “as
someone else” to use Visio services and connect to the back end data. You can achieve
this by using the Secure Store Services (SSS) in SharePoint.
Secure Store Services
You can consider Secure Store Services the next generation of the single sign-on service
that is introduced in SharePoint 2010. SSS is a credential store that saves account
information securely in the database.
You can create and set these credentials on a per application basis associated to an
Application Id and use this Application Id for different services that are subject to the
double-hop issue. You can consider SSS as a gatekeeper service for authenticating a user
(or a group) against an application. You can also set ID for each target application at the
farm level.
Configuring Secure Store Services
1.
Make sure that you are a Farm Administrator and log on to the
Central Administration site.
2.
Click on Application Management and choose Manage
Service Applications from the Service Applications group
(Figure
4-30
).
