Step 7 (Optional): Use Single Sign-On to Connect to the AdventureWorks2000 Database

SharePoint 2007

The Business Data Catalog supports using single sign-on (SSO) to connect to the back-end line-of-business (LOB) systems. Pass-through authentication has its own drawbacks. For more information, see Business Data Catalog Authentication. Therefore, it is recommended that you use SSO if your database uses Windows or database authentication and if your Web Service system uses Windows or other credentials.

As discussed in the Business Data Catalog Authentication topic, there are three authentication modes you can use with SSO:

  • WindowsCredentials (Database and Web Service Systems)

    Microsoft Office SharePoint Server 2007 authenticates by using Windows credentials from its default single sign-on (SSO) service. Use this mode if your database server or Web Service uses Windows authentication. You need to set up SSO for this mode.

  • RdbCredentials (Database Systems Only)

    In RdbCredentials mode, Office SharePoint Server 2007 authenticates by using database credentials from its default SSO service. Office SharePoint Server 2007 adds the database credentials to the connection string and transmits the credentials to the database server. Use this mode if your database server uses Database Credentials. For example if your SQL Server uses SQL Server authentication instead of Windows authentication. You need to set up SSO for this mode.

  • Credentials (Web Service Systems Only)

    Office SharePoint Server 2007 authenticates Web service systems by using credentials other than those from Windows Authentication from its default SSO service. These credentials are used for basic or digest authentication, depending on the configuration of the Web services server. Because basic and digest authentication do not adequately protect credentials, you should use SSL or IPSec or both to secure communication between the Web services server and the server running the Business Data Catalog. Use this mode if your Web Service uses credentials other than Windows credentials. You need to set up SSO for this mode.

To use SSO instead of PassThrough authentication when connecting to the AdventureWorks2000 database, use the following procedure. Note that the SQL Server has to be set up to use Windows authentication in this case.

  1. Open the AdventureWorks.XML file from Step 2, 3, 4, or 5.

  2. Replace the existing <LobSystemInstance> tag with the following XML:

    <LobSystemInstance Name="AdventureWorksSampleInstance">
          <!-- Business Data clients such as the Web Parts and List use 
          the Instance name in the entity picker, etc.-->
           <Properties>
            <Property Name="AuthenticationMode" Type="System.String">WindowsCredentials</Property>
            <!--AuthenticationMode can be set to PassThrough, 
            RevertToSelf, RdbCredentials, or WindowsCredentials. -->
            <Property Name="DatabaseAccessProvider" Type="System.String">SqlServer</Property>
            <!-- Can be SQL Server, OLEDB, Oracle, or ODBC for 
            database systems. -->
            <Property Name="RdbConnection Data Source" Type="System.String">EnterYourAdventureWorks2000ServerNameHere</Property>
            <!-- The name of your server hosting the AdventureWorks2000 
            database or the name of the SQL Server instance in the 
            format SQLServer\Instance. -->
            <Property Name="RdbConnection Initial Catalog" Type="System.String">AdventureWorks2000</Property>
            <!-- The name of the database.> -->
            <Property Name="RdbConnection Integrated Security" Type="System.String">SSPI</Property>
            <Property Name="RdbConnection Pooling" Type="System.String">false</Property>
             <Property Name="SsoApplicationId" Type="System.String">AdventureWorks2000</Property>
             <Property Name ="SsoProviderImplementation" Type="System.String">Microsoft.SharePoint.Portal.SingleSignon.SpsSsoProvider, Microsoft.SharePoint.Portal.SingleSignon, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c</Property>      
          </Properties>
        </LobSystemInstance>
    
  3. In the LobSystemInstance metadata, replace the name of the SQL Server computer that hosts the AdventureWorks2000 database in the Rdb Connection Source property accordingly. If you use a SQL Server instance, use the format, SQLServer\Instance.

  4. Save the XML.

  5. Configure single sign-on. To configure single sign-on for the first time, complete the following tasks:

    1. Determine and set up necessary Windows accounts.

    2. Enable the single sign-on service on the job server.

    3. Configure the single sign-on settings.

    4. Create an application definition. The name should match the SSOApplicationId property defined in the metadata.

    5. Provide account information for the application definition.

    6. Enable the single sign-on service on the front-end servers.

  6. Before you add the application definition again, you must delete the AdventureWorksSample application you created in Step 1 from the Business Data Catalog. To delete AdventureWorksSample, follow these steps:

    1. Open SharePoint 3.0 Central Administration.

    2. In the left navigation pane, click the name of your Shared Services Provider (SSP).

    3. In the Business Data Catalog section, click View Applications to view the registered applications.

    4. Click AdventureWorksSample to open the View Application: AdventureWorksSample page.

    5. Finally, click Delete Application in the Application Settings section.

  7. Now, add the application definition to the Business Data Catalog. For details, see How to: Add an Application Definition to the Business Data Catalog.

  8. Test the metadata by displaying data from the AdventureWorks2000 database using the business data features. For details, see Testing the Metadata.

Community Additions

ADD
Show: