foxvito on Wed, 26 Sep 2012 06:57:25

I have a sharepoint site, which is configured as claims based authentication (ref: . both AD and members can log in to the site successfully. My user need to use the report build to create report on this sharepoint site. As a result, the site is also integrated with reporting service. I try to create a report in the sharepoint site by clicking "New Document" -> "Report builder Report". The report builder will comes out and ask for credential to connect to the report server. I use member to login and it can let me to create a data source which connect to a the list of the sharepoint site with credential option "Use current Windows user. Kerberos delegation might be required". However, when I try to create a data set and click the query designer, error "Server was unable to process request. ---> Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))" appear as below:

Besides, non of my AD account can be used to login to the report builder. Errors below found in the ULS log:

09/26/2012 14:47:27.75 w3wp.exe (0x116C) 0x11F4 SharePoint Foundation Claims Authentication fo1t Monitorable SPSecurityTokenService.Issue() failed: System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. (Fault Detail is equal to Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The security token username and password could not be validated.).
09/26/2012 14:47:27.76 w3wp.exe (0x140C) 0x0F38 SharePoint Foundation Claims Authentication fsq7 High Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)     at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)     at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo) 524a2f96-f5ff-4c96-80d1-f08d3c7ef14f
09/26/2012 14:47:27.76 w3wp.exe (0x140C) 0x0F38 SharePoint Foundation Claims Authentication 8306 Critical An exception occurred when trying to issue security token: The security token username and password could not be validated.. 524a2f96-f5ff-4c96-80d1-f08d3c7ef14f


Mike Yin on Wed, 03 Oct 2012 13:41:29

Hi Foxvito,

Claims authentication types supported by SharePoint 2010 are Windows Claims, forms-based authentication Claims, and SAML Claims. In SAML-Claims mode, SharePoint Server accepts SAML tokens from a trusted external Security Token Provider (TST). From the blog you referenced, it seems to use the SAML Claims authentication.

However, the Reporting Services client applications: Report Builder, the Report Designer in Business Intelligence Development Studio, and Management Studio do not support connecting and authenticating with LiveID or SAML Claims based SharePoint Web applications. That's because the SAML Claims don't use the Reporting Services authentication endpoint. So, you have to change the Claims authentication type to use Report Builder on the SharePoint site.


Mike Yin

GUYO on Tue, 15 Jul 2014 18:23:30

Try extending the claims based web application and specify NTLM for the extended web app.. You should at least be able to fire up the Report Builder...