Skip to main content


 

Symptoms


After creating DNS entries and configuring host headers on the K2 bindings, a reconfigure left the environment in a state where runtime/designer were inaccessible. Another issue involved the sharepoint worklist web part not functioning with an error stating that Claims had not been configured.
 

Diagnoses


1. Using IE dev tools, we found that when accessing the new "friendly" URLs of uatforms.cineplex.com, we were redirected to the machine hostname to authenticate on the wrong port, causing the page could not be displayed error.

2. We checked the k2hostserver log and found authentication related errors when attempting to access the worklist web part. This error included a well formed SAML token, indicating that we did not have an issue decrypting the token, but rather had an issue somewhere in the mapping portion of the claims configuration.
 

Resolution

1. We updated the Identity.ClaimIssuer table to reflect the new URL and port for the Windows and Forms STS, after a service restart that issue was resolved.

2. Through review of the claims tables, we found that while we had a valid issuer for the SharePoint STS, the mappings all referred back to the windows STS issuer. In reviewing the ClaimTypeMap and ClaimTypeMapping table, we discovered the issue surrounded an incorrect ClaimTypeMapping entry that was using the issuer of '1' or the Windows STS, when it should have mapped to issuer '3', the sharepoint STS. We made the needed change and restarted the service, and the issue was resolved.





 
Be the first to reply!

Reply