Symptoms

Manage Site Realms Security Form not working
 

Diagnoses

On the "Manage Site Realms" form, if we unchecked all the "Linked Issuers" of a realm and save it, the form will not work anymore.
The only way to resolve this issue will be to change the data directly on the K2 database.
 

Resolution

This is a known issue and the error is thrown if you have an invalid configuration, ie Realm is not mapped to any issuers. this will be fixed in 4.7.

A realm should be associated with at least one issuer

The cast error is due to the null for RealmID returned by this view


Identity].yvw_ClaimRealmsWithAudiencesAndIssuers]

Workaround:

Once the config is in this state we can only fix it by directly editing the db tables:
Looking at aIdentity].yClaimRealmIssuer] and nK2].2Identity].yClaimRealm]

There is now at least one realm that is not mapped to an issuer in the ClaimRealmIssuer table:

Identity].yClaimRealmIssuer]

IssuerID RealmID
1 1
1 3
3 1
3 3
4 1
4 3

Identity].yClaimRealm]

ID RealmUri

1 https://k2.denallix.com/ViewFlow/
2 https://k2.denallix.com/Designer/
3 https://k2.denallix.com/Runtime/

In this example, Viewflow and runtime is mapped to Issuer 1 (WindowsSTS), but Designer (RealmID = 2) is not mapped to any issuer.
The correct fix is to insert a mapping for the orphaned realm against the relevant issuer.

INSERT INTO TK2].2Identity].yClaimRealmIssuer] VALUES (1, 2)

This will map the Designer Realm to issuer WindowsSTS OOTB, you can then go to the page and rectify the issuers you actually want to use.