08 November, 2007

Troubleshooting the RSS viewer web part

The RSS viewer web part is a quick and easy way to integrate external live content into a SharePoint portal. However, this seemingly simple web part appears to be causing trouble for a lot of people. Quite often it simply does not work straight off the bat because additional configuration is required.

First of all, if your environment is using a proxy server to access the Internet then the proxy details need to be added to the web.config file. Refer to this post on how to do this. If you have not configured this you will see the error "An unexpected error occured processing your request. Check the logs for details and correct the problem."

Once you have put in the proxy details in the web.config file you may hit another wall with the error "proxy authentication required" displayed in the web part. And this is despite the current user can access the feed directly in a browser.

The RSS viewer web part uses authentication delegation and is using the current user's credentials to access the proxy. However, the RSS viewer only supports anonymous and Kerberos authentication. So if you are using NTLM authentication the RSS viewer will not be able to authenticate the user through the proxy.

What you can do in this case is adding exceptions to your firewall so it will not prompt for authentication for certain URLs. The unfortunate downside of this of course is that every time a user adds a new RSS feed to a page the user needs to request the IT department to reconfigure the firewall.

Stay tuned to my SharePoint musings: Subscribe via email or RSS.

1 comment:

Eric Tweedy said...

1, The referenced setup in Web.config left out useDefaultCredentials="true". I don't see how this will work without it.

2. Depending on the proxy, you might get a 403 instead of a 407. This would be because the proxy sends a *Proxy-Authenticate: NTLM* header without inviting Negotiate or Kerberos. In that case, SharePoint will try to do NTLM and fail because it is a middle tier app and only has access to the server logged in user ID.

Our guys have yet to turn on Kerberos on our Blue Coat proxy, so I can't tell you if it works yet; hopefully in a few days.