How to Enable SSO For Web Services Used in InfoPath Form in SharePoint 2013

To use SharePoint Web services in an InfoPath form configured using Claim based SharePoint sites we need to create a SSO for the Web Service connection and need to be mentioned in the connection file (.udcx). We can see the detailed steps for that in this article.

1. On the Central Administration home page, in the Application Management section, click "Manage service applications" then click on "Secure Store Services".

Secure Store services

Note: We should configure Secure Store Services before doing this configuration.

Generate Keys

2. Before using the Secure Store Service, you must generate an encryption key. The key is used to encrypt and decrypt the credentials that are stored in the Secure Store Service database.

3. The first time you access the Secure Store Service application, your only option is to generate a new encryption key. Once the key has been generated, the rest of the Secure Store functionality becomes available.

4. In the Key Management group, click "Generate New Key".

Generate Keys

5. On the Generate New Key page, type a pass phrase string in the Pass Phrase box, and type the same string in the Confirm Pass Phrase box. This pass phrase is used to encrypt the Secure Store database. Click "OK".

Note :
A pass phrase string must be at least eight characters and must have at least three of the following four elements:

  • Uppercase characters
  • Lowercase characters
  • Numerals
  • Any of the following special characters

    "! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~

    Generate New Key

Creating Target Application

1. In the Manage Target Applications group, click "New".

Creating Target ApplicationCreating Target Application1

2. In the Target Application ID box, type a text string.This is the unique string that you will use externally to identify this target application. This Application ID we could mention in the UDCX connection file.

3. In the Display Name box, type a text string that will be used to display the identifier of the target application in the user interface.

4. In the Contact Email box, type the e-mail address of the primary contact for this target application.

5. In the Target Application Type drop-down list, choose the target application type: Group.

6. Click on "Next"

Creating Secure Target Application

7. Use the Specify the credential fields for the Secure Store Target Application page to configure the various fields that may be required to provide credentials to the external data source. By default, two fields are listed: Windows User Name and Windows Password.

8. In our case, choose the default option, in other words Windows User Name and Windows Password and click "Next".

Creating Secure Target Application8

9. In the Target Application Administrators Field, list all users with access to manage the target application settings.

10. In the Members field, list the user groups to map to a set of credentials for this target application.

11. Click on "OK".

Edit Secure Target Application

12. Select the created "Target Application" and click "Set" Credentials.

Set Credentials

13. Specify the Windows UserName and Password of the Admin account and click "OK".

Creating Target Application2

Publishing InfoPath Data Connection for modifying Connection file

Use the following procedure to create a Connection Library for publishing the InfoPath form connection files:

1. Open the Site collection in a browser

2. Click on "Add App" to create a new connection library.

Add App

3. Click on "Data Connection Library".

Data Connection Library

4. Click on "Create".

Create App


Publish Data Connection to newly created connection library and edit the published Data Connection file to mention the SSO

1. Navigate to the custom list that we need to modify the InfoPath form data connection.

InfoPath form data connection

2. Click on "Customize Form".

Customize Form

3. Click on "Manage Data Connection" from the bottom-right corner of the "Action" section.

Manage Data Connection

4. Select a Web service data connection to modify the data connection. In our case select "GetUserCollectionFromGroup" and click on "Convert to Connection file".

Convert to Connection file

5. Enter the Newly created Connection Library path with the UDCX file name and click "OK".

Convert to Connection file1

6. Follow the same Steps 3 to 5 for a "Get UserProfileByName" connection.

7. Navigate to the newly created Data Connection Library.

Navigate to Newly created Data Connection Library

8. Download both of the UDCX files.

9. Modify the Authentication section with the SSO Application ID and Credentials Type.

Credential Type

10. Save the files and upload again to the same Data Connection Library.

Configure InfoPath form Services

1. On the Central Administration home page, in the General Application Settings section, click "Configure InfoPath form services."

Configure InfoPath form Services

2. Select the "Authentication to Data source" Check Box and click "OK".