Kerberos Delegation Requirements to support Authenticated RSS


  • Our SharePoint farm has a requirement to consume internet hosted RSS feeds. Our proxy requires authentication for certain feeds, others allow anonymous access. The anonymous feeds work fine using SharePoint out of the box RSS, whereas those requiring authentication do not. The AD account running the SharePoint web application app pool has permissions via the proxy, this can be demonstrated using IE from a SharePoint server to access the RSS feeds. (I have also deployed a test web part consuming the RSS feeds using .Net code which also works fine)

    We assume we need to implement Kerberos constrained delegation for the service account running the app pool, which will also require C2WTS as we are using claims. The SPNs for kerberos authentication for the SharePoint services (web applications) are already designed but not yet implemented. C2WTS is currently out of scope so would need implementing if required.

    I am unable to find any guidance specific for this scenario - using claims with the only requirement being authenticated RSS (no BI etc.)

    Can anyone confirm the above assumption and provide guidance on how to configure authentication for RSS. 



    Tuesday, March 28, 2017 11:13 AM

All replies