Skip to main content
Nintex Community Menu Bar

Hello,

 

we have been experiencing problems with publishing K2 on WAP.

 

We created a https binding on the iis and HTTPS/k2server.domain.hr  SPNs on the k2 service user. The K2 service user in AD has the "Trust for delegation to any service" option selected. On ADFS we created a non-claims relying party trust with the url https://k2server.domain.hr. We than published the url on the WAP server.

The preauthentification method that is used is ADFS and the WAP servers have delegation to HTTPS/k2server.domain.hr. Internally, k2 has  Windows, negotiate as an auth method.

 

This setup has worked for a week and than suddenly stopped working. When we try to connect to the published url, sts login site is presented, we type our username and password and the k2 site returns an HTTP 500 error. No changes have been made. The same thing happend when we added a claims based trust in ADFS - it worked for a week and than stopped working out of the blue. That is why we changed the trust to non-claims.

 

We republished the site and now it works but it's a matter of time when it stops working. Also, how can we publish the site so that the K2 app works?

 

Best regards.

Hello,


 


When you're referring to the App are you talking about SharePoint App or Mobile App.


 


For mobile review the following documentation:


http://help.k2.com/onlinehelp/k2mobile/userguide/current/default.htm#K2Mobile/LandingPage/LandingPage.htm


Hello,

 

I am talking about the mobile app. I stumbled upon the article, but I'm not sure how to setup the authentification methods since the entire site works with Windows/negotiate and the url on wap is published with ADFS preauth. method. In this article https://help.k2.com/onlinehelp/k2mobile/userguide/current/default.htm#K2Mobile/Configure/Use-K2Mobile-Auth-ADFS.htm%3FTocPath%3DConfiguring%2520your%2520K2%2520Environment%2520for%2520Mobile%2520Applications%7CAlternative%2520Authentication%2520Mechanisms%7C_____2

 

 it says that you need to configure the entire k2 runtime site for ADFS (step 2) ,but  we would like to remain on windows.

 

Best regards,
Veronika


Hello,


 


You’re going to probably will have to integrate your ADFS to Windows/Local authentication. Below is an article for reference of what I am talking about. Also, it might be best interests to talk to someone in Remote Mentoring about setting something up with mobile, as it seems it going to be a special kind of authentication and could require guidance.


 


Article:


https://social.technet.microsoft.com/wiki/contents/articles/1600.ad-fs-2-0-how-to-change-the-local-authentication-type.aspx .


 


Hello,

 

thank you for your answer. Can you please tell us if the option of publishing the entire k2 site on WAP with only pass-through is a secure enough option since a few subsites have anonymous auth enabled? On our k2 servers we use windows/kerberos authentification. We posted a ticket on the k2 portal a few weeks ago but haven't received an answer. Who can we contact further?

 

Best regards


Reply