Error with trust.k2.com when registering the K2 for SharePoint App with SharePoint Online

  • 23 March 2017

Symptoms


ISSUE 1:

When I try to run the registration wizard on SharePoint Online, I get the following error message: "K2TSTS10001: An error occurred while processing a WS-Federation sign-in request (invalid_realm)"

ISSUE 2:
When I try to run the registration wizard on SharePoint Online, we get no answer (spinner displayed without result).

 

Diagnoses




DIAGNOSIS 1:

Context:
We did an initial installation with only the K2 Runtime URL accessible from the internet (public), but the registration wizard asks for Designer and Workspace as well.
After adding Designer and Workspace on the same site as the Runtime (using the K2 Setup Manager), we got AAD and AAD1 in the Security Label table and inconsistent URLs (sometimes internal, sometimes public) in the environment variables.

We checked whether we were able to connect to the Runtime URL from another network (K2 Partner):
https://{CustomerURL}.net/Runtime
and selected "K2 Trust for Azure AD".
We tested with the customer on my machine with "K2 Windows STS"; after filling in the login, we accessed the designer as expected.



DIAGNOSIS 2:

Context:
We did an initial installation with only the K2 Runtime URL accessible from the internet (public), but the registration wizard asks for Designer and Workspace as well.
After adding Designer and Workspace on the same site as the Runtime (using the K2 Setup Manager), we got AAD and AAD1 in the Security Label table and inconsistent URLs (sometimes internal, sometimes public) in the environment variables.


 

Resolution

RESOLUTION 1:

We fixed this issue by replacing the internal URL with the public one for the following Environment Fields of the Environment Library:
Web Service URL
Workspace Url
ODataMetadataUrl
SmartForms Designer Runtime URL (Note: was not the default; should have no impact in our case)
SmartForms Runtime URL (Note: was not the default; should have no impact in our case)


RESOLUTION 2:

We checked the table [Authorization].[OAuthResource] and found only one record.
This record was linked to the security label AAD1 (OAuthReourceID in the [AuthInit] column of the [HostServer].[SecurityLabel] table).

We followed these steps:
1) Delete the [HostServer].[SecurityLabel] row not linked to the only [Authorization].[OAuthResource] record found (we deleted AAD).
2) Rename AAD1 to AAD: UPDATE [HostServer].[SecurityLabel] SET SecurityLabelName='AAD' WHERE SecurityLabelName='AAD1'
3) Do the same on the Claim table, but using the Management site: go to Claims and remove AAD1. Then rename AAD1 to AAD.
4) Restart the K2 Service.
4) Restart the K2 Service.
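
Steps 1 and 2 of Resolution 2 written as a single guarded T-SQL batch, as an added example that is not part of the original post. It assumes, as in the post, that AAD1 is the label linked to the only OAuthResource record and AAD is the unlinked one; it uses only the tables and columns named above, and the backup table name is hypothetical.

```sql
-- Added example, not from the original post. Run against the K2 database.
SET XACT_ABORT ON;

-- Review first: the post found one OAuthResource row and two labels (AAD, AAD1).
SELECT * FROM [Authorization].[OAuthResource];
SELECT SecurityLabelName, AuthInit
FROM [HostServer].[SecurityLabel]
WHERE SecurityLabelName IN ('AAD', 'AAD1');

BEGIN TRY
    BEGIN TRANSACTION;

    -- Keep a copy of both rows so the change can be reversed later.
    SELECT *
    INTO [dbo].[SecurityLabel_Backup_AAD]   -- hypothetical backup table name
    FROM [HostServer].[SecurityLabel]
    WHERE SecurityLabelName IN ('AAD', 'AAD1');

    IF @@ROWCOUNT <> 2
        RAISERROR('Expected exactly the AAD and AAD1 labels.', 16, 1);

    -- Step 1: delete the label not linked to the OAuthResource record (AAD in the post).
    DELETE FROM [HostServer].[SecurityLabel]
    WHERE SecurityLabelName = 'AAD';

    IF @@ROWCOUNT <> 1
        RAISERROR('Delete did not affect exactly one row.', 16, 1);

    -- Step 2: rename the linked label AAD1 to AAD.
    UPDATE [HostServer].[SecurityLabel]
    SET SecurityLabelName = 'AAD'
    WHERE SecurityLabelName = 'AAD1';

    IF @@ROWCOUNT <> 1
        RAISERROR('Rename did not affect exactly one row.', 16, 1);

    COMMIT TRANSACTION;
END TRY
BEGIN CATCH
    -- Any unexpected row count or constraint error undoes everything, backup included.
    IF @@TRANCOUNT > 0 ROLLBACK TRANSACTION;
    THROW;
END CATCH;
```

Steps 3 and 4 (the Claims change in the Management site and the K2 Service restart) still follow once the batch commits.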




 
