Closed GoogleCodeExporter closed 9 years ago
This is a classic double-hop scenario. The resolution of this problem depends on the Windows versions of the servers:
Windows 2000: It requires Kerberos or the use of network service accounts used between servers (or if the back-end service is SQL - SQL logins).
Windows 2003: You can use the Protocol Transition features to delegate credentials without Kerberos.
Steps for protocol Transition
==============================
http://msdn.microsoft.com/en-us/library/ms998355.aspx#paght000024_step2
Note: It is preferred to use a "custom domain account" rather than a "machine account".
Original comment by amit.per...@gmail.com
on 19 Apr 2010 at 4:31
Could you please explain how to use protocol transition in this configuration?
- SAML Bridge - running on separate machine DOMAIN\samlMachineAccount using Network Service
- SharePoint 2010 - running on separate machine using a custom user account DOMAIN\spsUserAccount
DOMAIN\samlMachineAccount is already trusted to delegate and SPNs are already assigned to DOMAIN\spsUserAccount - these are prerequisites for normal use of SAML Bridge.
Original comment by sascha.s...@googlemail.com
on 3 Feb 2011 at 12:54
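The Active Directory side of protocol transition for the two accounts named in the comment above, as an added example that is not part of the original thread or of the SAML Bridge project. It assumes the ActiveDirectory PowerShell module is available and that the SAML Bridge host's computer object is named `samlMachineAccount`; the SPN is a placeholder to replace with the one already registered on DOMAIN\spsUserAccount.

```powershell
# Added example: constrained delegation with protocol transition, AD side only.
Import-Module ActiveDirectory

# Assumptions: the account name comes from the thread; the SPN is a placeholder.
$frontEnd  = 'samlMachineAccount'            # computer account behind Network Service
$targetSpn = 'HTTP/<sharepoint-host-fqdn>'   # placeholder: SPN held by spsUserAccount

$props = 'msDS-AllowedToDelegateTo', 'TrustedForDelegation', 'TrustedToAuthForDelegation'

# Record the current delegation state before changing anything.
$before = Get-ADComputer -Identity $frontEnd -Properties $props
$before | Select-Object Name, TrustedForDelegation, TrustedToAuthForDelegation,
    @{ Name = 'AllowedToDelegateTo'; Expression = { $_.'msDS-AllowedToDelegateTo' -join '; ' } }

# Refuse to continue unless the SPN exists on exactly one account;
# a missing or duplicated SPN makes Kerberos ticket requests fail.
$owners = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$targetSpn)")
if ($owners.Count -ne 1) {
    throw "Expected one owner for $targetSpn, found $($owners.Count)"
}

# Limit delegation to the single back-end SPN ("specified services only").
if ($before.'msDS-AllowedToDelegateTo' -notcontains $targetSpn) {
    Set-ADComputer -Identity $frontEnd -Add @{ 'msDS-AllowedToDelegateTo' = $targetSpn }
}

# Clear unconstrained delegation and enable protocol transition
# ("use any authentication protocol" in the Delegation tab).
Set-ADAccountControl -Identity $before -TrustedForDelegation $false
Set-ADAccountControl -Identity $before -TrustedToAuthForDelegation $true

# Read the settings back: expect TrustedForDelegation = False,
# TrustedToAuthForDelegation = True, and only the intended SPN listed.
Get-ADComputer -Identity $frontEnd -Properties $props |
    Select-Object Name, TrustedForDelegation, TrustedToAuthForDelegation,
        @{ Name = 'AllowedToDelegateTo'; Expression = { $_.'msDS-AllowedToDelegateTo' -join '; ' } }
```

An account with protocol transition enabled can obtain tickets on behalf of any user to every SPN in its list, so keep `msDS-AllowedToDelegateTo` limited to the services it actually needs.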
Original comment by shashank...@gmail.com
on 17 Mar 2011 at 11:59
This issue is filed as Google issue #6513917
Original comment by tdnguyen@google.com
on 18 May 2012 at 12:18
Original issue reported on code.google.com by
amit.per...@gmail.com
on 4 Mar 2010 at 9:50