We have a user whose last name was updated in AD (affecting logon name, email, name, etc.) -- SID stays the same. That user should have access to the K2 forms via membership in an AD security group, but ever since the name change, the user receives a "Server Error in '/Identity/STS/Windows' Application" message when they navigate to the form in their browser.
I'm trying to piece together information about how K2's identity cache works and how it might be contributing to the issue. I do see an entry in the Identity.Identity table that matches the user's SID but references the user's old name. The ExpireOn and ContainersExpireOn dates have passed and Enabled is marked 0.
It seems like maybe the identity service is choking because there's already an entry for that SID but maybe it can't renew it since the other fields have changed or something like that. Any advice on clearing this up or explanation of the identity cache would help. All I've had to go on is this page.
Thanks!