Thanks a million for the respons.
We have considered rewritng reports and handeling incomming user authentication via a custom authentication on the ssrs server.
Our alternative is to move the ssas into the external domain and then push it into a locked down network which only allows very specific traffic from the external dc and the ssrs server in the dmz.
and allowing sql auth to the internal sql servers with limited firewall rules.
Both solutions has security implications but will solve the issue we hope.