How to configure SmartObject OData API to authenticate against ADFS

  • 15 February 2022



By default, the SmartObject OData API in K2 uses Basic Authentication. When users log in, K2 attempts to authenticate them against their Active Directory domain.


If you have configured your K2 environment to use ADFS and you want ADFS users to use the SmartObject OData API, you need to configure the SmartObject OData API to use ADFS.



On the web server hosting your SmartObject OData API:

  1. Open IIS Manager, expand your K2 site > Api, select odata. Select Authentication, which will bring you to the IIS Authentication settings for the OData API. Disable Basic Authentication, and only leave Anonymous Authentication enabled.

  2. Go to [Program Files]\K2\WebServices\API\SmartObjectService.OData and create a backup of web.config.

  3. Edit web.config with a text editor. Add the following line under <appSettings>:

    <add key="DefaultSecurityLabel" value="K2ADFS" />

    Note that the value of DefaultSecurityLabel must be the security label you created for ADFS when configuring K2 to use ADFS. You may have given your ADFS security label a name other than "K2ADFS", so check what your ADFS security label is and fill it in accordingly.

  4. Save the changes.

  5. Run IISRESET to apply the changes.
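The steps above as a PowerShell script, added here as an example; it is not part of the original article or K2's own tooling. The install path, the IIS site name "K2" and the label "K2ADFS" are assumptions, so replace them with your environment's values and run the script from an elevated prompt on the web server.

```powershell
# Added example. Assumed values: install path, IIS site name, security label.
param(
    [string]$ApiDir   = 'C:\Program Files\K2\WebServices\API\SmartObjectService.OData',
    [string]$Label    = 'K2ADFS',        # your ADFS security label
    [string]$Location = 'K2/Api/odata'   # "<IIS site name>/Api/odata"
)
$ErrorActionPreference = 'Stop'
Import-Module WebAdministration

# Step 1: disable Basic Authentication, leave only Anonymous enabled.
$apphost = 'MACHINE/WEBROOT/APPHOST'
$auth    = 'system.webServer/security/authentication'
Set-WebConfigurationProperty -PSPath $apphost -Location $Location `
    -Filter "$auth/basicAuthentication" -Name enabled -Value $false
Set-WebConfigurationProperty -PSPath $apphost -Location $Location `
    -Filter "$auth/anonymousAuthentication" -Name enabled -Value $true

# Step 2: timestamped backup of web.config before touching it.
$config = Join-Path $ApiDir 'web.config'
Copy-Item -Path $config -Destination "$config.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"

# Steps 3-4: add DefaultSecurityLabel under <appSettings>, or update it if
# the key already exists, so re-running the script never creates a duplicate.
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($config)
$appSettings = $xml.SelectSingleNode('/configuration/appSettings')
if (-not $appSettings) { throw "No <appSettings> element found in $config" }
$node = $appSettings.SelectSingleNode("add[@key='DefaultSecurityLabel']")
if (-not $node) {
    $node = $xml.CreateElement('add')
    $node.SetAttribute('key', 'DefaultSecurityLabel')
    [void]$appSettings.AppendChild($node)
}
$node.SetAttribute('value', $Label)
$xml.Save($config)

# Step 5: restart IIS to apply the changes.
iisreset

# Read the settings back to confirm what is now in effect.
foreach ($scheme in 'basicAuthentication', 'anonymousAuthentication') {
    $enabled = (Get-WebConfigurationProperty -PSPath $apphost -Location $Location `
        -Filter "$auth/$scheme" -Name enabled).Value
    Write-Output "$scheme enabled: $enabled"
}
Write-Output "DefaultSecurityLabel: $($node.GetAttribute('value'))"
```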

To test whether the settings work, open your SmartObject OData API URL in a Chrome incognito window and, when prompted to log in, use the username you use on your ADFS login page. This is usually your UPN or email address.


If you are able to log in successfully, you will see the list of SmartObjects you have exposed.

