SharePoint In Action

An attempt to share my day-to-day SharePoint experience

Archive for the category “SharePoint 2013 Errors”

InfoPath 2013 – How to populate the logged-in user information using GetUserProfileByName


Claim-based authentication has been chosen as the default authentication method for SharePoint 2013 and as result, I had a tough time getting the logged in user’s information in my InfoPath form using the familiar GetUserProfileByName web service method which I used to conveniently use in my InfoPath forms with SharePoint 2010.
The difference now is that the claim-based request adds a “0#.w|” in front of the user’s domain account. So my account would look like “0#.w|mydomain\naderheshmat” instead of “mydomain\naderheshmat” and this is what makes the web services methods break in InfoPath and you would get “Access Denied error” 😦

It turned out that I had to take following steps to make it work:

1- Create a new domain user account for your to be used for setting up the Secure Store Target Application. We call it “yourdomain\InfoPathUser”. This user should have at least read access to your site

2- Setup a Secure Store Target Application entry called something like InfoPathID. Make sure the target application type is Group and that you are using yourdomain\InfoPathUser and its password for windows user name and password fields. In my case my Target Application Members were all users.

3- Create a Data Connection Library in your site or use a already existing one as a place to keep .udcs files created in your InfoPath form.

4- Create a GetUserProfileByName secondary data connection in your InfoPath form (we call it GUP) and convert it to a connection file and use the address of your Data Connection Library for the place to save the .UDCX file

5- Go to your Data Connection Library and download the udcx file you just created. Open it and edit the XML tag to look like this:

              <udc:SSO AppId=’InfoPathID‘ CredentialType=’NTLM’ />

Note that we used the secure store application ID InfoPathID here.

6- Save the file and upload it back to the Data Connection Library.

7- In your InfoPath form create a rule called Rule1. For simplicity we create it as a Form Load rule. Under queryFields node of your data connection (GUP) set the “AccountName” to formula:
substring-after(userName(), “0#.w|”)  and then hit Verify Formula.

8- Create another rule called Rule2 and choose “Query for Data” using GUP.

You are all set. All you need to do is populating your fields the old fashion way. For more information for how to populate user’s info please take a look at:

Nader Heshmat


ValidateCredentialClaims – Access Denied: Claims stored in the credentials did not match with the group claim for a group app.

Users were getting an error when they were trying to access the SharePoint site content. I checked the logs and found below errors:

ValidateCredentialClaims – Access Denied: Claims stored in the credentials did not match with the group claim for a group app.
Access is denied to the Secure Store Service.

In my case this was related to the members of my “Target Application” in my “Secure Store Service”. To fix it I went to Central Admin > Application Management > Manage Service Applications > Secure Store Service and edited the Target Application ID. I went to the third page by hitting Next.
I just added my members(or groups) to my target application’s member section.



Nader Heshmat

Post Navigation