After running K2 Setup Manager to configure K2, you are unable to access K2 sites and a "No audiences configured for realm" error appears
After running the K2 Setup Manager and Configuring a K2 environment, users will get an error similar to the following when accessing K2 Sites (Designer, Runtime, Management, etc.):
Error: "System.IdentityModel.Protocols.WSTrust.InvalidRequestException: No audiences configured for realm: 'https://k2workspace.denallix.com/Designer/"
- All users are affected
- You see this on a K2 server that has the K2 Sites split into different IIS Web Applications. E.g. your Designer/Runtime site is not on the same Web app as your View Flow, Identity, K2Api sites.
- You will notice that the URL mentioned in the above error is an invalid URL. The actual host header used in that URL is incorrect and should be tied to your SmartForms site binding.
- Your K2 Claims configuration is correct:
- Other environments that haven't had the Setup Manager run with Configuration, do not show this error.
This is a known issue in K2 Five and has been resolved with the release of K2 5.1. To completely prevent this issue, it is recommended that you upgrade to K2 5.1.
As an intermediate fix, go through the steps below to update the web.config files for the K2 Designer and K2 Runtime sites:
1. Edit the two following web.config files located in the K2 install directory:
C:Program FilesK2K2 smartforms DesignerWeb.config
C:Program FilesK2K2 smartforms RuntimeWeb.config
2. Find the following line in these files:
<wsFederation passiveRedirectEnabled="false" issuer="http://none" realm="https://k2workspace.denallix.com/Designer/" requireHttps="false" />
3. In here you should see that the value for the realm attribute is incorrect and uses the wrong site binding. Manually update the URL here to use the correct URL for your SmartForms sites.
4. Once updated on both the Runtime and Designer files, make sure to save these files.
5. Run an IIS reset via command prompt.
6. Now when you access your K2 Sites again and you will no longer see the error.