Symptoms
Error after changing K2 to use SSL
Diagnoses
After running the Configure option in the installer for BlackPearl and SmartForms and ensuring the bindings in IIS were correct, the SmartForms Runtime and Design sites are not working.
These are the steps I followed:
1. Installed the certificate on the K2 server
2. Created a new binding for the K2 site to use this new cert and added the host header of k2.denallix.com
3. I ran the setup for BlackPearl choosing the Configure option.
4. In the setup wizard, I selected the Use and Update check boxes for the new HTTPS URL in the "Resolve Security Token Service Issuers" step.
5. I ran the setup for SmartForms, choosing the Configure option, and selected the Use and Default check boxes in the "Resolve IIS Bindings" steps for both Runtime and Design.
I get the following error when I go to the design or runtime site:
Server Error
No realm entries for 'https://k2.denallix.com/Designer/' was found.
More Details
at SourceCode.Security.Claims.Web._trust.login.Page_Load(Object sender, EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Resolution
Although the appropriate HTTPS realms appeared to have been detected and added to the [Identity].[ClaimRealm] table in the DB, the mapping between these realms and the default Windows STS issuer was not present in the [Identity].[ClaimRealmIssuer] table.
After adding the appropriate mappings for Designer, Runtime, and Viewflow (the out-of-the-box SmartForm [System > Management > Security > Forms > Manage Site Realms] can be used to map the new realms to the default K2 Windows STS issuers), we were able to access the Designer and Runtime within the intranet.
*Because the Designer was not loading, temporarily disable Forms Authentication and enable Windows Authentication, make the appropriate claims realm changes, and then change it back to Forms Authentication.
Accessing from the internet resulted in the following error during the redirect to Windows STS:
500 Internal Server Error. The request was rejected by the HTTP filter. Contact the server administrator. (12217)
We determined that this was caused by HTTP filtering on the TMG, as per:
https://www.serverknowledge.net/forefront-tmg/the-request-was-rejected-by-the-http-filter-contact-the-server-administrator-12217/
https://technet.microsoft.com/en-gb/library/cc995081.aspx