K2 blackpearl Product Documentation: Installation and Configuration Guide
Resolve Security Token Service Issuers
K2 blackpearl Installation and Configuration Guide > Installation > Installing a standalone system > Resolve Security Token Service Issuers Send feedback

Resolve Security Token Service Issuers Panel

This panel will only appear when there has been more than one K2 site (for example Workspace, Designer or Runtime site) registered on the farm.

If you are using Claims or have an environment with multiple domains you would have more than one potential Security Token service Issuer and this panel gives you the opportunity to choose which to use with K2.

Example: You may have an environment with a DMZ set up for certain users outside your company to access parts of your K2 environment but internal Issuers set up for your company users to access everything.

If the selected IIS binding in the Bindings panel does not match the URI for the Security Token Service in the K2 database Identity.ClaimIssuer table, you will need to resolve which STS issuer to use. You do this by making a choice on the Resolve Security Token Service Issuers Panel. For more information on the IIS Bindings see the topic: Workspace Web Site Configuration panel for either the Standalone installation or the Custom installation.

The STS URI may be different for these reasons:

  • This panel will only be displayed during an Upgrade or Reconfigure of the K2 environment.

Resolving the STS Issuer

  1. In the images below, note that the Uri column in the K2.Identity.ClaimIssuer table in the SQL K2 database does not match any of the selected bindings in the IIS Bindings panel:



    If you want to change the bindings for your sites, it is strongly recommended to run the K2 blackpearl Setup Manager. This will ensure that the environment library fields and the bindings / STS configuration remain in sync. Using the K2 Management page is the only other supported option.
  2. When you click OK on the bindings panel and the Bindings URL does not match the current K2 Windows STS Uri, the Resolve Security Token Issuers panel will open.
  3. As there is no current match between bindings in IIS and the Issuers in the database, you need to select which Issuer to use by checking the Use checkbox.
    • By selecting the Update checkbox, the Setup Manager will update the currently configured Issuer (the Uri in the database) with the URL selected on the Resolve IIS Bindings panel (which is the K2 Workspace URL).
    • Leaving the Update checkbox un-checked will leave the currently configured Issuer as it is.
    • Only one Issuer can be selected (at least one must always be selected).
    • All unique STS Issuers in the database will be listed here. If your WindowsSTS and FormsSTS Issuers have the same URL you will only see the first one listed.
    Existing claims tokens may be invalidated if you leave the Update box checked.
    NOTE: Update will be checked by default.
  4. Clicking OK will continue the installation.

 

 

 

K2 blackpearl Product Documentation: Installation and Configuration Guide 4.6.10