The Double-Hop Issue
Although you can use impersonated credentials locally, Windows won’t forward impersonated credentials to a
remote resource (the second hop). So the user’s identity is lost even before he reaches the back end. And in this
scenario, SharePoint can’t pass the credentials of the logged-in user all the way to the back end via the services.
This scenario is known as the double-hop problem.
To solve the problem, a mechanism is needed by which the logged-in user can be impersonated “as someone
else” to use Visio Services and connect to the back-end data. You can achieve this by using the Secure Store
Services (SSS) in SharePoint.
Secure Store Services
You can consider Secure Store Services (introduced in SharePoint 2010) the next generation of the single
sign-on service in MOSS 2007. SSS is a credential store that saves account information securely in the database.
You can create and set these credentials on a per-application basis associated with an Application Id and use
this Application Id for different services that are subject to the double-hop issue. You can consider SSS as a gatekeeper
service for authenticating a user (or a group) against an application. You can also set an ID for each target application
at the farm level.
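The per-application mapping described above can also be created from the SharePoint Management Shell. The following is an added example, not code from the book: it creates a Group target application and stores one low-privilege back-end account for it. The site URL, the Application Id and the CONTOSO accounts are placeholders, and it assumes the Secure Store service application already exists and its key has been generated.

```powershell
# Added example: the URL, Application Id and accounts are placeholders, not values from the book.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl   = "http://sharepoint.example.local"   # hypothetical site used to get the service context
$appId     = "VisioDataAccess"                   # hypothetical Application Id
$adminAcct = "CONTOSO\spfarmadmin"               # hypothetical administrator of the target application
$members   = "CONTOSO\VisioReportReaders"        # hypothetical AD group allowed to use the mapping

# Fields the target application stores. The password field is masked in the UI.
$fields = @(
    (New-SPSecureStoreApplicationField -Name "Windows User Name" -Type WindowsUserName -Masked:$false),
    (New-SPSecureStoreApplicationField -Name "Windows Password"  -Type WindowsPassword -Masked:$true)
)

# Group type: every member of $members is mapped to the same stored credential set.
$targetApp = New-SPSecureStoreTargetApplication -Name $appId `
    -FriendlyName "Visio Services data access" -ApplicationType Group

$adminClaim  = New-SPClaimsPrincipal -Identity $adminAcct -IdentityType WindowsSamAccountName
$memberClaim = New-SPClaimsPrincipal -Identity $members   -IdentityType WindowsSecurityGroupName

$context = Get-SPServiceContext -Site $siteUrl
$ssApp = New-SPSecureStoreApplication -ServiceContext $context -TargetApplication $targetApp `
    -Fields $fields -Administrator $adminClaim -CredentialsOwnerGroup $memberClaim

# Prompt for the back-end account so the password never appears in the script or shell history.
# Use an account that has read access to the required data source only.
$backend = Get-Credential
$values = @(
    (ConvertTo-SecureString $backend.UserName -AsPlainText -Force),
    $backend.Password
)
Update-SPSecureStoreGroupCredentialMapping -Identity $ssApp -Values $values
```

Because every member of the group reaches the back end as the stored account, that account's permissions on the data source define what all of them can read.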
Configuring Secure Store Services
Let’s start by configuring Secure Store Services:
1. Make sure you are a Farm Administrator, and log on to the Central Administration site.
2. Click on Application Management, and choose Manage Service Applications from the
Service Applications group (Figure 2-46).
Figure 2-46. Choose “Manage service applications” on the Central Administration site
3. From the list of available services, click on Secure Store Service (Figure 2-47).