BI Service Applications in SharePoint 2010 – Authentication (Classic vs. Claims) and Identity Delegation (Kerberos) – Part 7
Author: Chris Bailiss
Technical Reviewers (Kerberos/Claims): James Noyce, Paul Williams
Introduction
This post is part of a series of posts describing the authentication methods supported by the SharePoint 2010 Business Intelligence service applications. Please see Part 1 for an overview of this series of posts.
This post summarises the previous six posts.
Summary
The following table summarises how each of the BI Service Applications can authenticate to a SQL Server data source (Relational Database or Analysis Services – see above for test cases):
Key:
- Yes - Service application supports the specified authentication mechanism.
- No - Service application doesn’t support (i.e. doesn’t work) when web application uses the specified authentication mechanism.
- Per User - Service application is able to delegate the user identity to the data source.
- Shared - Service application is able to use a single, shared, trusted account to connect to the data source.
- N/A - Authentication back to data source not applicable to service application
Service Application |
Web Application Authentication Mode |
||
Classic – ‘Windows’ |
Claims – Windows-Claims |
Claims – FBA-Claims |
|
Excel Services |
Yes: Per User + Shared |
Yes: Per User + Shared |
Yes: Shared Only |
PerformancePoint Services |
Yes: Per User + Shared |
Yes: Per User + Shared |
Yes: Shared Only |
Reporting Services |
Yes: Per User + Shared |
Yes: Shared Only |
Yes: Shared Only |
PowerPivot for SharePoint |
Yes: N/A |
No |
No |
Visio Services |
Yes: Per User + Shared |
Yes: Per User + Shared |
Yes: Shared Only |
Notes:
- PerformancePoint Dashboard Designer does not work with Claims-mode web applications. The web application must be extended to provide an alternative URL in classic-mode.
- Reporting Services BIDS Report Designer and Report Builder are not able to retrieve / save content into Claims-mode web applications. The web application must be extended to provide an alternative URL in classic-mode.
Additional References
- Configure Kerberos Authentication for SharePoint 2010 – Whitepaper
- Implementing Claims-Based Authentication with SharePoint Server 2010 - Whitepaper
Comments
- Anonymous
May 19, 2012
Chris, thanks ever so much for this. I think it's extremely useful.