Symptoms

Suppose the following situation: You have multiple security labels configured. E.g. default K2 label and ADFS. After K2 has been configured with additional ADFS label you observe that SharePoint 2013 SmOs are working well when called from K2 smartforms but do not work when called from workflows or from SmartObjecrs Services Tester tool.
Attempt to execute SharePoint 2013 SmO from tester tool returns the following error message:

"The remote server returned an error: (401) Unauthorized.Failed to initialize the Context:
URL: https://your-sp-site.com"
 

Diagnoses

First thing to note in such scenario is that when ADFS security label/provider is configured in K2, K2 still requires you to have K2 label as K2 cannot work with ADFS label only. K2 always needs K2 label to do its own authentication using Windows service K2WTS which runs under Windows account.
Once ADFS label added and set as default from SmartForms you may see the situation when everything works correctly if users log into smartforms with ADFS credentials. But in such scenario K2 label is still used when calls are made from workflow or tester tool and in order to make this work for SharePoint 2013 SmOs SharePoint User Profile Application should synchronize AD users in addition to ADFS users. This is because K2 needs to get a token from SharePoint for a user with K2 label, i.e. AD user and not an ADFS user.

 

Resolution

Verify your SharePoint UPS application configuration and synchronization options making sure that AD DS users are syncing too. This should resolve an issue with non working SmOs when called from workflows or tester tool.