Code Fix: Using the K2 Workspace App on an AAD environment, task retrieval fails at random intervals
KB003263
Issue Description
When using the K2 Workspace App on an AAD environment, task retrieval fails at random intervals and an error occurs.
Error Message
The following error occurs: “Sorry something went wrong”.
Resolution
- Ensure you have K2 Five (5.2) installed.
- Download and install the K2 Five (5.2) May 2019 Cumulative Update from K2 Partner and Customer Portal.
- Download the K2 Five (5.2) May 2019 Cumulative Update FP6 from K2 Partner and Customer Portal.
- Install the K2 Five (5.2) May 2019 Cumulative Update FP6 to apply the fix.
- It is recommended to refresh the browser cache.
Considerations
For the fix to be applied correctly, please ensure that version 2.2.4 of the K2 Workspace App has been installed and follow the steps below.
After applying the K2 Five (5.2) May 2019 Cumulative Update FP6, the following changes need to be made to the web.config file in {K2InstallDir}\WebServices\K2Api.
- Update the config sections tag and add a location tag.
- Also replace realm="https://{smartFormsRuntimeServer}/Runtime/" in the wsFederation tag with the URL to your runtime.
<configSections>
  <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
  <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
<system.identityModel>
  <identityConfiguration saveBootstrapContext="false">
    <caches>
      <sessionSecurityTokenCache type="SourceCode.Security.Claims.Web.WIFExtensions.DistributedSessionSecurityTokenCache, SourceCode.Security.Claims.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=16A2C5AAAA1B130D" />
    </caches>
    <issuerNameRegistry type="SourceCode.Security.Claims.Web.IssuerNameRegistry, SourceCode.Security.Claims.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=16a2c5aaaa1b130d" />
    <certificateValidation certificateValidationMode="None" />
    <audienceUris mode="Never" />
    <securityTokenHandlers>
      <remove type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      <remove type="System.IdentityModel.Tokens.Saml2SecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      <remove type="System.IdentityModel.Tokens.SamlSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      <add type="SourceCode.Security.Claims.Web.WIFExtensions.Saml2SecurityTokenHandler, SourceCode.Security.Claims.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=16A2C5AAAA1B130D" />
      <add type="SourceCode.Security.Claims.Web.WIFExtensions.SamlSecurityTokenHandler, SourceCode.Security.Claims.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=16A2C5AAAA1B130D" />
      <add type="SourceCode.Security.Claims.Web.WIFExtensions.DistributedSessionSecurityTokenHandler, SourceCode.Security.Claims.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=16A2C5AAAA1B130D" />
    </securityTokenHandlers>
  </identityConfiguration>
</system.identityModel>
<system.identityModel.services>
  <federationConfiguration>
    <cookieHandler requireSsl="false" path="/" />
    <wsFederation requireHttps="true" passiveRedirectEnabled="false" issuer="https://localhost/sts/issue/wsfed" realm="https://{smartFormsRuntimeServer}/Runtime/" freshness="0" />
  </federationConfiguration>
</system.identityModel.services>
<location path="fed">
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</location>
- Then, in the <system.web> tag, replace the <authentication mode="windows"/> tag and add an <authorization> tag.
  <forms defaultUrl="Default.aspx" loginUrl="../Runtime/_trust/Login.aspx" requireSSL="false" enableCrossAppRedirects="true" cookieless="AutoDetect" timeout="9000" />
</authentication>
<authorization>
  <!-- This is overridden for some folders, see location tags -->
  <allow users="*" />
</authorization>
- Also replace the <system.webServer><modules> section with the following.
  <remove name="WebDAVModule" />
  <!-- WIF -->
  <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
  <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
  <!-- Claims Authentication module -->
  <add name="ClaimsAuthenticationModule" type="SourceCode.Security.Claims.Web.ClaimsAuthenticationModule, SourceCode.Security.Claims.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=16A2C5AAAA1B130D" />
</modules>
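A post-edit check for the web.config changes listed above, as an added example (not K2 code and not part of the original article). The function name Test-K2ApiFederationConfig, its helpers Row and Attr, and the trimmed sample config are constructed for illustration. The check flags a realm placeholder that was never replaced, a missing anonymous deny on the fed location, and missing authentication modules, and it lists the SSL and certificate-validation settings for review.

```powershell
# Added example, not vendor code. Reports on the K2Api web.config edits described above.
function Test-K2ApiFederationConfig {
    param([Parameter(Mandatory = $true)][xml]$Config)
    function Row($check, $value, $status) { [pscustomobject]@{ Check = $check; Value = $value; Status = $status } }
    function Attr($xpath, $name) {
        $node = $Config.SelectSingleNode($xpath)
        if ($node) { $node.GetAttribute($name) } else { $null }
    }
    $fc = '/configuration/system.identityModel.services/federationConfiguration'

    # The realm placeholder must have been replaced with the real HTTPS runtime URL.
    $realm = Attr "$fc/wsFederation" 'realm'
    $ok = ($realm -match '^https://') -and ($realm -notmatch '[{}]')
    Row 'wsFederation realm' $realm $(if ($ok) { 'OK' } else { 'FAIL' })

    # The fed location must reject anonymous users.
    $deny = $Config.SelectSingleNode("/configuration/location[@path='fed']/system.web/authorization/deny[@users='?']")
    Row 'location fed denies anonymous' ([bool]$deny) $(if ($deny) { 'OK' } else { 'FAIL' })

    # All three authentication modules from the article must be registered.
    foreach ($m in 'WSFederationAuthenticationModule', 'SessionAuthenticationModule', 'ClaimsAuthenticationModule') {
        $found = $Config.SelectSingleNode("/configuration/system.webServer/modules/add[@name='$m']")
        Row "module $m" ([bool]$found) $(if ($found) { 'OK' } else { 'FAIL' })
    }

    # Transport and certificate settings are listed so the values in use can be reviewed.
    Row 'cookieHandler requireSsl' (Attr "$fc/cookieHandler" 'requireSsl') 'REVIEW'
    Row 'forms requireSSL' (Attr '/configuration/system.web/authentication/forms' 'requireSSL') 'REVIEW'
    Row 'certificateValidationMode' (Attr '/configuration/system.identityModel/identityConfiguration/certificateValidation' 'certificateValidationMode') 'REVIEW'
}

# Constructed sample: realm placeholder left in place and ClaimsAuthenticationModule missing.
[xml]$sample = @'
<configuration>
  <system.identityModel><identityConfiguration>
    <certificateValidation certificateValidationMode="None" />
  </identityConfiguration></system.identityModel>
  <system.identityModel.services><federationConfiguration>
    <cookieHandler requireSsl="false" path="/" />
    <wsFederation requireHttps="true" issuer="https://localhost/sts/issue/wsfed" realm="https://{smartFormsRuntimeServer}/Runtime/" />
  </federationConfiguration></system.identityModel.services>
  <location path="fed"><system.web><authorization><deny users="?" /></authorization></system.web></location>
  <system.web><authentication>
    <forms loginUrl="../Runtime/_trust/Login.aspx" requireSSL="false" />
  </authentication></system.web>
  <system.webServer><modules>
    <add name="WSFederationAuthenticationModule" />
    <add name="SessionAuthenticationModule" />
  </modules></system.webServer>
</configuration>
'@
Test-K2ApiFederationConfig -Config $sample | Format-Table -AutoSize
```

To check the live file, load it with `[xml](Get-Content -Raw '{K2InstallDir}\WebServices\K2Api\web.config')`, substituting your install directory, and pass the result as -Config.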