Symptoms

I have a custom security (SSO) provider that I have created for Lotus Notes. I?ve got the security provider code created, credentials cached in Workspace, and it is selected as the SSO provider for our Endpoint Broker. However, I keep receiving a 401 - Unauthorized from the web service endpoint.

This broker works properly if I switch from SSO to Static authentication and manually enter the username/password. But as soon as I try to switch to my SSO provider, it does not authenticate. If do *not* store my cached credentials in Workspace, the SMO tester also does not prompt me for a username/password.
 

Diagnoses

When registering a web server service instance, using a custom security provider, it?s required to field in the user name and password information of an impersonating account in the service instance configuration. In other words, an account information that can authenticate against the web service endpoint(this can also be the cached account information).
 

Resolution

Executing a SmartObject method against the web service after the fact uses the cached SSO creds in K2 workspace. This is expected behavior and currently as designed.