Configure SSL
This content applies to legacy components (such as K2 Studio and K2 for Visual Studio), legacy assemblies , legacy services or legacy functionality. If you have upgraded from K2 blackpearl 4.7 to K2 Five , these items may still be available in your environment. These legacy items may not be available in new installations of K2 Five . These legacy items may also not be available, supported, or behave as described, in future updates or versions of K2. Please see the legacy component support policy for more information about support for these components.
The information in this section provides details for ensuring that SSL is configured for the web site hosting K2 Services and its web.config. All steps assume a default K2 installation.
IIS settings
- Start Internet Information Services (IIS) Manager
- Navigate to {Server} > Sites > K2
-
Select Bindingsā¦ and Add a binding for https selecting the appropriate SSL certificate
-
Select OK to see the Site Bindings
- Close the Site Bindings dialog
-
Select SSL Settings and ensure the following
- Require SSL: unchecked (default)
-
Client Certificates
- Ignore: checked (default)
- Navigate to {Server} > Sites > K2
-
Select Authentication and ensure the following
- Windows Authentication: Enabled
- Anonymous Authentication: Disabled
-
Basic Authentication: Disabled NOTE: K2 implements Basic for you
- Highlight Windows Authentication and select Providersā¦ and ensure the following:
- Providers: NTLM; Negotiate
- Navigate to {Server} > Sites > K2 > K2Services
-
Select SSL Settings and ensure SSL is not enabled.
- Require SSL: unchecked (default)
-
Client Certificates
- Ignore: checked (default)
-
Navigate to {Server} > Sites > K2 > K2Services
-
Select Authentication and ensure the following
- Windows Authentication: Enabled
- Anonymous Authentication: Enabled
- Basic Authentication: Disabled NOTE: K2 implements Basic for you
-
Navigate to {Server} > Application Pools
-
Select K2 and ensure the following:
-
.NET Framework Version: 2.0
-
Pipeline mode: Classic
-
Web.config Settings
- Open %PROGRAMFILES%\K2\WebServices\K2Services\web.config
-
To support BASIC + HTTPS
-
Set the requireSSL tag to True
<configuration>
<sourceCode.services>
<basicAuthentication requireSSL="True" enabled="True" cachingEnabled="True" cachingDuration="15" defaultSecurityLabel="K2" />
</sourceCode.services>
</configuration> -
Set the service endpoints and base addresses for HTTPS
<services>
<service behaviorConfiguration="SourceCode.Services.RestBehavior" name="SourceCode.Services.SyncRest">
<endpoint address="Task" behaviorConfiguration="SourceCode.Services.RestBehavior" binding="webHttpBinding" bindingConfiguration="SourceCode.Services.SyncRestBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.ITaskService" />
<endpoint address="Identity" behaviorConfiguration="SourceCode.Services.RestBehavior" binding="webHttpBinding" bindingConfiguration="SourceCode.Services.SyncRestBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.IIdentityService" />
<endpoint address="Core" behaviorConfiguration="SourceCode.Services.RestBehavior" binding="webHttpBinding" bindingConfiguration="SourceCode.Services.SyncRestBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.ICoreService" />
<host>
<baseAddresses>
<add baseAddress="https://api.denallix.com:443/K2Services/SyncRest.svc" />
</baseAddresses>
</host>
</service>
<service behaviorConfiguration="SourceCode.Services.SoapBehavior" name="SourceCode.Services.SyncWcf">
<endpoint address="Task" behaviorConfiguration="SourceCode.Services.SoapBehavior" binding="basicHttpBinding" bindingConfiguration="SourceCode.Services.SyncWcfBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.ITaskService" />
<endpoint address="Identity" behaviorConfiguration="SourceCode.Services.SoapBehavior" binding="basicHttpBinding" bindingConfiguration="SourceCode.Services.SyncWcfBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.IIdentityService" />
<endpoint address="Core" behaviorConfiguration="SourceCode.Services.SoapBehavior" binding="basicHttpBinding" bindingConfiguration="SourceCode.Services.SyncWcfBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.ICoreService" />
<host>
<baseAddresses>
<add baseAddress="https://api.denallix.com:443/K2Services/SyncWcf.svc" />
</baseAddresses>
</host>
</service>
</services> - Set the security mode to Transport for the endpoint bindings
<bindings>
<webHttpBinding>
<binding name="SourceCode.Services.SyncRestBinding+HTTPS">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</webHttpBinding>
<basicHttpBinding>
<binding name="SourceCode.Services.SyncWcfBinding+HTTPS">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</basicHttpBinding>
</bindings> -
Set the requireSSL tag to True
-
To support Windows + HTTPS
-
Set the service endpoints for HTTPS
<services>
<service behaviorConfiguration="SourceCode.Services.RestBehavior" name="SourceCode.Services.Rest">
<endpoint address="Process" behaviorConfiguration="SourceCode.Services.RestBehavior" binding="webHttpBinding" bindingConfiguration="SourceCode.Services.RestBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.IProcessNavigationService" />
<endpoint address="Worklist" behaviorConfiguration="SourceCode.Services.RestBehavior" binding="webHttpBinding" bindingConfiguration="SourceCode.Services.RestBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.IWorklistNavigationService" />
<endpoint address="Identity" behaviorConfiguration="SourceCode.Services.RestBehavior" binding="webHttpBinding" bindingConfiguration="SourceCode.Services.RestBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.IIdentityService" />
<endpoint address="Core" behaviorConfiguration="SourceCode.Services.RestBehavior" binding="webHttpBinding" bindingConfiguration="SourceCode.Services.RestBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.ICoreService" />
<host>
<baseAddresses>
<add baseAddress="https://api.denallix.com:443/K2Services/Rest.svc" />
</baseAddresses>
</host>
</service>
<service behaviorConfiguration="SourceCode.Services.SoapBehavior" name="SourceCode.Services.Wcf">
<endpoint address="Process" behaviorConfiguration="SourceCode.Services.SoapBehavior" binding="basicHttpBinding" bindingConfiguration="SourceCode.Services.WcfBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.IProcessService" />
<endpoint address="Worklist" behaviorConfiguration="SourceCode.Services.SoapBehavior" binding="basicHttpBinding" bindingConfiguration="SourceCode.Services.WcfBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.IWorklistService" />
<endpoint address="Identity" behaviorConfiguration="SourceCode.Services.SoapBehavior" binding="basicHttpBinding" bindingConfiguration="SourceCode.Services.WcfBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.IIdentityService" />
<endpoint address="Core" behaviorConfiguration="SourceCode.Services.SoapBehavior" binding="basicHttpBinding" bindingConfiguration="SourceCode.Services.WcfBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.ICoreService" />
<host>
<baseAddresses>
<add baseAddress="https://api.denallix.com:443/K2Services/WCF.svc" />
</baseAddresses>
</host>
</service>
</services>
-
Set the service endpoints for HTTPS
<services>
- Set the security mode to Transport for the endpoint bindings
<bindings>
<webHttpBinding>
<binding name="SourceCode.Services.RestBinding+HTTPS">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</webHttpBinding>
<basicHttpBinding>
<binding name="SourceCode.Services.WcfBinding+HTTPS">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>