User's manager when using SAML

  • 27 January 2017


When using Active Directory with Windows Authentication in K2, a manager can view an employee's worklist as long as the proper org structure is added into AD (i.e. the 'manager' property is populated for all users).  For example:  Bob is the manager for Anthony and Blake; in AD both Anthony and Blake are configured with Bob as the manager.  Bob can go into K2 Workspace and see his own, Anthony's or Blake's worklist.  This functionality is built-in to K2.


Now, if we switch to using SAML claims and ADFS for authentication, things get a bit trickier.  First of all, I would need to configure ADFS to pass the manager information in the SAML token using some claim type I invent.  No problem.  The particular value I pass in the claim would have to match the type of data I expect to use in the identity claim.  For example:  If I decide to use email address for the identity claim of a user, I would likely need to configure the manager claim to pass the manager's email address (not their AD logon id or their AD distinguishedName).  No problem (that I see yet).


However, I need to configure K2 to accept the manager claim type and use its value as the manager of a user.  I don't see where to configure K2 for this.


Has anyone done this?

Does K2 support the "managed worklist" ability for SAML claims like it does for Windows Authentication?

Does this work regardless of what kind of user store is on the back end (e.g. Active Directory, LDAP, SQL table, text file, etc)?
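The point the post makes about the manager claim having to carry the same kind of value as the identity claim can be illustrated with a small consumer of the SAML attribute statement. The example below is added here and is not K2's or AD FS's code; it assumes a standard e-mail address claim as the identity claim and an invented manager claim type (`http://example.com/claims/manager`), and the assertions it parses are constructed inline. It parses the claims, rejects a manager value whose shape does not match the identity claim (for example a distinguishedName where an e-mail address is expected), and builds the manager-to-reports relation that a "managed worklist" check needs.

```python
"""Added example (not K2's or AD FS's code): read a custom 'manager' claim from a
SAML 2.0 AttributeStatement, check that it has the same shape as the identity
claim, and answer "may this viewer see that user's worklist?".  The claim type
URIs below are assumptions; the sample assertions are constructed for this
example and carry no signature."""
import re
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Identity claim: the standard e-mail address claim type.
IDENTITY_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
# Hypothetical custom claim type carrying the manager's e-mail address.
MANAGER_CLAIM = "http://example.com/claims/manager"
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def make_assertion(email, manager_value=None):
    """Build a constructed sample assertion containing only an AttributeStatement."""
    manager_attr = ""
    if manager_value is not None:
        manager_attr = (f'<saml:Attribute Name="{MANAGER_CLAIM}">'
                        f'<saml:AttributeValue>{manager_value}</saml:AttributeValue>'
                        f'</saml:Attribute>')
    return (f'<saml:Assertion xmlns:saml="{SAML_NS}"><saml:AttributeStatement>'
            f'<saml:Attribute Name="{IDENTITY_CLAIM}">'
            f'<saml:AttributeValue>{email}</saml:AttributeValue></saml:Attribute>'
            f'{manager_attr}</saml:AttributeStatement></saml:Assertion>')


def parse_claims(xml_text):
    """Return {claim type: [values]} for every Attribute in the assertion."""
    root = ET.fromstring(xml_text)
    claims = {}
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        values = [v.text or "" for v in
                  attr.findall("saml:AttributeValue", {"saml": SAML_NS})]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims


def extract_identity_and_manager(claims):
    """Return (identity, manager_or_None); reject a manager value that is not
    of the same kind (an e-mail address) as the identity claim."""
    ids = claims.get(IDENTITY_CLAIM, [])
    if len(ids) != 1 or not EMAIL_RE.match(ids[0]):
        raise ValueError("exactly one e-mail identity claim expected")
    managers = claims.get(MANAGER_CLAIM, [])
    if len(managers) > 1:
        raise ValueError("at most one manager claim expected")
    manager = managers[0].strip().lower() if managers else None
    if manager is not None and not EMAIL_RE.match(manager):
        raise ValueError(f"manager claim {manager!r} is not an e-mail address; "
                         "it must match the identity claim type")
    return ids[0].strip().lower(), manager


class Directory:
    """Manager relation learned from each user's own token."""

    def __init__(self):
        self.manager_of = {}   # employee e-mail -> manager e-mail (or None)

    def register(self, xml_text):
        identity, manager = extract_identity_and_manager(parse_claims(xml_text))
        self.manager_of[identity] = manager
        return identity

    def can_view_worklist(self, viewer, target):
        """A user sees their own worklist and those of their direct reports."""
        viewer, target = viewer.lower(), target.lower()
        if viewer == target:
            return True
        return target in self.manager_of and self.manager_of[target] == viewer


if __name__ == "__main__":
    d = Directory()
    d.register(make_assertion("bob@example.com"))
    d.register(make_assertion("anthony@example.com", "bob@example.com"))
    d.register(make_assertion("blake@example.com", "bob@example.com"))
    print(d.can_view_worklist("bob@example.com", "anthony@example.com"))   # True
    print(d.can_view_worklist("anthony@example.com", "blake@example.com"))  # False
```

Because the relation here is learned only from tokens, Bob's view of Anthony's worklist is known only after Anthony's token has been seen; a server-side lookup against the user store avoids that gap, which is why a product may insist on its own security provider having access to the store rather than trusting the token alone.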



3 replies


According to Step 3 on "Configure SmartForms for Active Directory Federation Services (AD FS)", it says to configure the K2 security provider.  What this really appears to mean is that K2 wants to access the LDAP store that ADFS uses to authenticate the users.  (The Federated Authentication purist in me rises up in revolt against this since it means you cannot do cross-organization authentication, but I'll save that for a different day.)


So, what does this mean for managed users and viewing their worklist?


How do I configure K2 to allow managers to see their employees' worklist when using ADFS and SAML?

Any answers on this? 

How to configure the K2 Workspace 'Managed User Worklist' to function properly when using ADFS and SAML?

We've followed the instructions, talked with K2 Advisors, most everything works ... except  the Managed User Worklist (in K2 Workspace).  Please respond.


Is anyone using 'Display Worklist of Managed Users' with SAML authentication in K2?
