Skip to main content


 

Symptoms


The ADFS Thumbprint has expired and we need to update it.

Since it has expired, we cannot login to K2 Designer using our ADFS account so we need to find a different way of resolving this.
 

Diagnoses


There are two ways to resolve this:

1) (Preferred) Use K2 Designer to update the ADFS Issuer's Thumbprint
- To do this, you would have to browse to K2 Designer - All Items - System - Management - Security - Forms - Run the form called "Manage Issuers". In this form you can update the security Thumbprint and it will take effect immediately.

2) Update the Thumbprint directly in the K2 database
- To do this, you have to edit the K2 database (which is not recommended) so therefore backup your DB beforehand. It involves making changes to the eIdentity].]ClaimIssuer] table. Specifically to update the "Thumbprint" column for the Issuer in question, in this case for "ADFS".

3) The third workaround would be to first set the "UseForLogin" column to "1" for the "K2 Windows STS" issuer in the same table above - -Identity].]ClaimIssuer] - then after restarting the K2 blackpearl service, login to K2 Designer using Windows STS and do the steps in 1) above to update the Thumbprint. However, this is an extra step since if you're going to edit the K2 database anyway, you might as well just do step 2) above.
 

Resolution

After making the changes as specified above and restarting the K2 Blackpearl service, everything was working again as expected.




 
Be the first to reply!

Reply