Forum Discussion
rdsohf5_76190
Oct 11, 2010Nimbostratus
SSRS via Firepass
Experts,
We have a .net reports page on our intranet site that uses the SSRS (SQL Reporting Services) web service to build a tree of reports and the Report Viewer control to display the sele...
rdsohf5_76190
Oct 14, 2010Nimbostratus
Mike and Kevin - thanks for your replies. We connect via "Portal Access" and already have "Auto Logon with NTLM and Basic Auth Proxy" setup for our Master Group. NTLM is Windows authentication, but only one "hop" - i.e. credentials get passed from the client browser to our Intranet server OK, so we can present different pages/links to different users as Kevin mentions.
We want the same thing to occur on our SSRS server because some of our reports require the current user as a parameter and also only some users should be able to run certain reports. The problem is that our Reports page is an ASP.NET web application which is hosted on the Intranet server but uses the SSRS web service and report viewer to connect to the SSRS server. This is the "double-hop" situation - i.e. user credentials need to get passed firstly from the client browser to the Intranet server and then a second time to the SSRS server. This is called delegation and NTLM doesn't support it. In order to delegate user credentials all components in the chain must use Kerberos authentication, which is what I have done to get things working internally.
I have run a HTTP debugger and found that when the Reports page is loaded internally there are these messages...
Authorization Header (Negotiate) appears to contain a Kerberos ticket:
WWW-Authenticate Header (Negotiate) appears to be a Kerberos reply:
But when it's loaded from Firepass I only get this...
Proxy-Authorization Header is present: NTLM
This leads me to believe that Firepass isn't capable of Kerberos authentication at all. I have a support ticket with F5 so I'll let you know how I go. Others may be interested because it means that any "middle-tier" solution people have in place may not work when accessed via Firepass.
RD
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects