K2 blackpearl Product Documentation: Installation and Configuration Guide
InfoPath Client
K2 blackpearl Installation and Configuration Guide > Installation > Integration Configuration > SharePoint > Claims-based Authentication > InfoPath Integration > InfoPath Client Send feedback

InfoPath Client

InfoPath Client Office applications, including InfoPath, look for authentication cookies in the persistent store when they are opened from SharePoint.  When the cookie is not found, a login prompt is presented to the user in the Office application to get the cookie for that session.


InfoPath has an issue with cookie retrieval that causes the cookies to be retrieved incorrectly and the login prompt not appearing when using InfoPath from a SharePoint Form Library that has been configured to “Open in the client application” ( InfoPath 2007 or InfoPath 2010 Filler).  This issue has been logged with Microsoft but a resolution is outstanding.  This topic provides workaround details to enable InfoPath client applications to work properly with SharePoint 2010 claims authentication.


The issue manifests in one of two ways depending on the SharePoint Server configuration of the UseSessionCookies value.  To determine which setting you currently have, run the following command from a SharePoint 2010 Management Shell. 

Copy Command
(Get-SPSecurityTokenServiceConfig).UseSessionCookies

 This will return either False (the default and preferred option) or True.  Refer to the section that matches your configuration for more details on working with InfoPath client in your environment.

UseSessionCookies=False


This setting causes SharePoint to write the FedAuth cookie value to the local cookies folder on the client.  However, the default forms authentication login page provides the ability to override this value causing the cookie to not be persisted to disk.  The “Sign me in automatically” check box determines if the cookie is persisted or not. When it is checked the cookie is persisted, otherwise it is not.
To ensure that the FedAuth cookie is correctly passed from SharePoint to the Office client applications, such as InfoPath Filler, the cookie needs to be persisted to disk.  To make this happen, the “Sign me in automatically” check box must be checked.

 Optional Configuration – Sign in Automatically by Default

You may prefer to change the default login page to ensure that the Sign me in automatically option is checked by default. 

WARNING: The steps below are provided for illustrative purposes.  A custom login page should be created and registered to ensure compatibility with future upgrades.
  1. Backup "C:\inetpub\wwwroot\wss\VirtualDirectories\{Your Claims WebApp Directory}\_forms\Default.aspx"
  2. Open "C:\inetpub\wwwroot\wss\VirtualDirectories\{Your Claims WebApp Directory}\_forms\Default.aspx"
  3. Add this script block after the </asp:login> control
Copy Script
<script type="text/javascript" language="javascript" >
    document.getElementById("ctl00_PlaceHolderMain_signInControl_RememberMe").checked = true;
</script>

UseSessionCookies=True


This setting causes SharePoint to store the FedAuth cookie value in the browsers local cache.  This cache is not available to Office client applications, forcing them to create their own FedAuth cookie via a login prompt.  However, InfoPath may incorrectly try to use an existing cookie, potentially from a different form-based user, from the local cache which will cause errors when interacting with web services.

Workaround Option 1 – Set UseSessionCookies to False

The preferred option when using SharePoint 2010 with Office client applications is to configure SharePoint to not use session cookies and follow the guidance in the UseSessionCookies=False section.  If this is not possible in your environment, see Workaround Option 2.

  1. Start SharePoint 2010 Management Console
  2. Execute the following commands
Copy Command
$sts = Get-SPSecurityTokenServiceConfig
$sts.UseSessionCookies = $false
$sts.Update()
iisreset

Workaround Option 2

To ensure that all web service calls from InfoPath Filler are executed with the correct FedAuth cookie, you must make a call to the SharePoint List and Library service in InfoPath.  The communication with this service correctly forces InfoPath to provide a login prompt to get the FedAuth cookie with the current user’s information.

  1. Open the InfoPath form in Design mode:
    1. Before integrating with K2, via the InfoPath designer directly
    2. After integrating with K2, open the form in K2 Studio or Visual Studio via the InfoPath Process Wizard Design button
  2. Access the Form Load Rules
  3. Add a new Action rule that will run when the form is opened
  4. Add Query for Data action
  5. Create a new connection to: Receive data
  6. Select SharePoint library or list as your source of data
  7. Provide your SharePoint site details
  8. Select a list or library that has limited data and that all users will have access to such as Announcements.
    Important: Choose a list that currently has a small amount of data and that will not grow much in size over time.
  9. Leave the default ID selected on Select fields
  10. Do not select the option to Store a copy of the data in the form template
  11. Select the option to Automatically retrieve data when form is opened
  12. Save the form
  13. Publish the form
    1. From InfoPath designer, publish as you did before
    2. From K2 Studio or Visual Studio

i. Close InfoPath designer and wait for the confirmation that your process changes have been received

ii. Redeploy the process

 

 

K2 blackpearl Product Documentation: Installation and Configuration Guide 4.6.11