We are using Windows Authentication for all our Smartform apps. We would like to use Mobile Iron's Web@Work on mobile devices to access the apps. This requires the fully qualified domain name to be used everywhere. e.g. http://server.domain.com:81 instead of http://server:81 Tracing a request shows the following
As you can see, the HTTP 302 uses a Location: http://workflow-qa:81 which does not use the domain name.
How can I make it add the domain name to the 302 redirect so Mobile Iron is able to complete the authentication handshake?
--2016-12-08 09:03:27-- http://workflow-qa.domain.com:81/Runtime/Runtime/Form/XXXX
Resolving workflow-qa.domain.com... 172.18.1.139
Connecting to workflow-qa.domain.com|172.18.1.139|:81... connected.
HTTP request sent, awaiting response... 302 Found
Location: /Runtime/_trust/Login.aspx?ReturnUrl=XXXX Xfollowing]
--2016-12-08 09:03:27-- http://workflow-qa.domain.com:81/Runtime/_trust/Login.aspx?ReturnUrl=%2fRuntime%2fRuntime%2fFormXXXX
Reusing existing connection to workflow-qa.domain.com:81.
HTTP request sent, awaiting response... 302 Found
Location: http://workflow-qa:81/Identity/sts/Windows/wsfed?wa=wsignin1.0&wtrealm=http%3a%2f%2fworkflow-qa.domain.com%3a81%2fRuntime%2f&wctx=rm%3d1%26id%3d%26ru%3d%252fRuntime%252fRuntime%252fForm%252fXXXX
--2016-12-08 09:03:27-- http://workflow-qa:81/Identity/sts/Windows/wsfed?wa=wsignin1.0&wtrealm=http%3a%2f%2fworkflow-qa.domain.com%3a81%2fRuntime%2f&wctx=rm%3d1%26id%3d%26ru%3d%252fRuntime%252fRuntime%252fForm%252fXXXX
Here is what I tried so far
The 302 Found Location: http://workflow-qa:81/Identity response is generated by K2 Identity Services. I modified the web.config in the Runtime folder to add the domain name to the realm as follows
<federationConfiguration>
<cookieHandler requireSsl="false" path="/" />
<wsFederation passiveRedirectEnabled="false" issuer="http://none" realm="http://workflow-qa.domain.com:81/Runtime/" requireHttps="false" />
I also went to /Runtime/Form/Manage+Site+Realms/ and modified the Realm and Audience URLs to add the domain name. Still didn't solve the Mobile Iron problem. But it broke the SmartForm Designer so I added another realm/audience entry for just the server:port.
What am I missing? K2 Support recommended that I reach out to this community/forum to see if anyone has been able successfully integrate K2 Smartforms with Mobile Iron Web@Work using Windows Authentication.
Thanks for any help.