Share via


BI Service Applications in SharePoint 2010 – Authentication (Classic vs. Claims) and Identity Delegation (Kerberos) – Part 7

Author: Chris Bailiss
Technical Reviewers (Kerberos/Claims): James Noyce, Paul Williams

Introduction

This post is part of a series of posts describing the authentication methods supported by the SharePoint 2010 Business Intelligence service applications. Please see Part 1 for an overview of this series of posts.

This post summarises the previous six posts.

Summary

The following table summarises how each of the BI Service Applications can authenticate to a SQL Server data source (Relational Database or Analysis Services – see above for test cases):

Key:

  • Yes - Service application supports the specified authentication mechanism.
  • No - Service application doesn’t support (i.e. doesn’t work) when web application uses the specified authentication mechanism.
  • Per User - Service application is able to delegate the user identity to the data source.
  • Shared - Service application is able to use a single, shared, trusted account to connect to the data source.
  • N/A - Authentication back to data source not applicable to service application

Service Application

Web Application Authentication Mode

Classic –

‘Windows’

Claims –

Windows-Claims

Claims –

FBA-Claims

Excel Services

Yes: Per User + Shared

Yes: Per User + Shared

Yes: Shared Only

PerformancePoint Services

Yes: Per User + Shared

Yes: Per User + Shared

Yes: Shared Only

Reporting Services

Yes: Per User + Shared

Yes: Shared Only

Yes: Shared Only

PowerPivot for SharePoint

Yes: N/A

No

No

Visio Services

Yes: Per User + Shared

Yes: Per User + Shared

Yes: Shared Only

Notes:

  • PerformancePoint Dashboard Designer does not work with Claims-mode web applications. The web application must be extended to provide an alternative URL in classic-mode.
  • Reporting Services BIDS Report Designer and Report Builder are not able to retrieve / save content into Claims-mode web applications. The web application must be extended to provide an alternative URL in classic-mode.

Additional References

  • Configure Kerberos Authentication for SharePoint 2010 – Whitepaper
  • Implementing Claims-Based Authentication with SharePoint Server 2010 - Whitepaper

Comments

  • Anonymous
    May 19, 2012
    Chris, thanks ever so much for this.  I think it's extremely useful.