"Authentication Failed: No credentials are available in the security package" error appears
kbt137564
PRODUCTIssue
The following error appears when trying to access K2 SmartForms or Workspace sites: "Authentication Failed: No credentials are available in the security package."Symptoms
After applying Microsoft Security Updates, the following error appeared:
"Authentication Failed: No credentials are available in the security package"
On the event logs, the following appear:
"Exception: SourceCode.Hosting.Exceptions.AuthenticationException: Authentication Failed : No credentials are available in the security package at SourceCode.Hosting.Client.BaseAPI.BaseAPIConnection.WindowsAuthentication(SCConnectionStringBuilder connectionStringBuilder) at SourceCode.Hosting.Client.BaseAPI.BaseAPIConnection.Authenticate(String connectionString) at SourceCode.Security.Claims.Web.Shared.ConnectionClass.HandleIdentityImpersonation(Boolean asAppPool,
Action action) at SourceCode.Security.Claims.Web.Shared.ConnectionClass.TryCredentialToken(BaseAPIConnection connection, String credentialToken, Boolean asAppPool) at SourceCode.Security.Claims.Web.Shared.ConnectionClass.
GetPoolConnection(String credentialToken, Boolean asAppPool, Boolean& tokenApplied) at SourceCode.Security.Claims.Web.Shared.ConnectionClass.OpenConnectionForAuthentication() at SourceCode.Security.Claims.Web.ClaimsHelper.
SaveBootstrapContext(BootstrapContext bootstrapContext, ClaimsIdentity claimsIdentity) at SourceCode.Security.Claims.Web.ClaimsHelper.OnValidateToken(SecurityTokenHandler tokenHandler, SecurityToken token, ReadOnlyCollection`1 claimsIdentityCollection, Boolean standardMapToWindows) at SourceCode.Security.Claims.Web.WIFExtensions.SamlSecurityTokenHandler.ValidateToken(SecurityToken token) at System.IdentityModel.Services.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri) at System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request) at System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)"
Resolution
The issue could possibly be caused by IIS_IUSRS Group Permissions change after Microsoft Security Updates were applied, or the K2 Service account does not have “Impersonate a Client after Authentication” rights.
Adding the K2 Service account to the IIS_IUSRS Group reset the permission settings for the K2 Service account which resolved the issue.
If the K2 application pool account is different from the K2 service account, the application pool account will need 'Impersonate a Client after Authentication'