Skip to main content
Nintex Community Menu Bar

Hi All,

 

Does anybody have any experience of building custom security providers?  We've followed the guides to allow K2 to authenticate against an existing user repositry (ASP.NET MVC5 MS Identity based) and whilst we have a fairly solid, cusomizable and generic solution in place there is a specific bit of behaviour that we're seeing that we can't explain which surfaces when filtering users lists in the web client.

 

As a basic test, if we set some process rights in the K2 management app, when searching for users from this custom security provider we've noticed that the function:

IUserCollection FindUsers(string groupName, IDictionary<string, object> properties)

 

is called twice.  The first time we see the filter properties being passed correctly and  the filter terms correctly set, but immediatley after completion it's executed again but with no filter properties provided so returns a full un-filtered list of users!?

 

We've traced everything through our own code base and it's is not making the additional call, so all that I can assume is that the K2 Server is making it but I'm at a loss as to explain why?  We have a workaround in place to allow filtering to be correct but I'd prefer to not need to include this if it's not needed.

 

I haven't shared this issue directly  with k2 support as yet as I suspect due to the cusom nature of it, it's not a typically supported activity.

 

Can anyone from the community shed any light on this?

 

Thanks,

 

Paul.

Just as a follow up  if anyone else hits this issue we've solved it...

 

When K2 searches for users it first issues a FindUsers request by the property UserName which was the first call we were seeing but then a second by display name.  

 

Originally our CSP didn't have the disply name filter property defined as one of the user object's standard properties which we hadn't spotted. As this wasn't defined the host server sent a second FindUsers request which was intended to be filter by DispalyName but as this wasn't a valid proprty it was called it with no arguments resulting in all users being returned incorrectly.

 

I've not seen documentation that says that the Display Name is a required property (To be honest I've not seen much upto date documentation surrounding this area) so I suspect this is a bug within the product but one that's not going to cause too many problems to most people...

 

Cheers,

 

Paul.


Hi Paul, i'm trying to implement the custom security provider. But when i look at the Host Server log, it didn't call the method AuthenticateUser. any suggestion for this problem?


Hi,

 

Appologies for the late notice - I didn't get an alert for the response so missed the post and suspect that you may have solved the issue now.

 

The first thing I would check is do you have the custom security provider registered and set up with a security label and security provider (i.e. coupled it with a login screen?)

 

Best regards,

 

Paul.


Dear Paul,

 

I'm also stuck with a similar problem. I've followed the documentation on how to develop a custom security provider. Coming in to the SmartObject Tester, it couldn't pull out the custom provider I had registered in the DB.

 

Any suggestions?

 

Thanks!


My initial thought was how (possibly why) are you registering / interogating it via the SmartObject tester?  This isn't something that we used during our installation and configuration (That's not to mean there isn't a another or better way of doing what we did - I'm just not aware of it)

 

A few of the steps we went through:

  1. We registered our custom security provider (.NET dll) as an assembly within the K2 database @ HostServer].rAssemblyRegistration]
  2. Placed the dll in the security provideres directory @ "C:Program Files (x86)K2 blackpearlHost ServerBinsecurityproviders"
  3. Registered a new security label
  4. We then set up the claims based authentication, setting up an Issuer, claim mappings & the realms

Once all this was in place, via logging in our custom security provider (and hooking up VS Debugger) we could see K2 using the new assembly and interegating our user & role manager.

 

Hope this helps!

 

Paul.


Hey Paul,

 

Can you please share your implementation if there is no sensitive data involved. I am trying to build my custom security provider using the default which is shared on k2 GITHUB  but my security label is not getting displayed  neither any of the breakpoints is getting hit. I have followed the below example:-

 

GitHub Example.

https://github.com/K2Documentation/K2Documentation.Samples.SecurityProvider

 

Following are the steps that I have done to register the assembly:-

  1. Signed and compiled the custom assembly.
  2. Got the public token of the custom assembly.
  3. Copied all the custom assembly dll and pdp files in  “
  4. Edited the K2HostServer.config  and updated the “useassemblyregistration” attribute as true.
  5. Inserted the following records in K2 database (Below are the snap shot for the same)
    1. AssemblyRegistration
    2. SecurityProviders
    3. SecurityLabels

Reply