Configure SmartForms for SQL Server User Manager (SQLUM)

You do not need to SSL-enable your SmartForms site but it is recommended.

1. Open Internet Information Services (IIS) Manager.
2. Right-click the K2 site and select Edit Bindings.
   
3. Click Add.
4. Select https from the Type drop-down list and type a new number into the Port field, typically 443.
5. Select the certificate to use for your site. (In this example from the Denallix VM it is the *.denallix.com April 2016 Certificate, purchased from a valid Certificate Authority)
   When working with internal systems, self-signed and domain certificates can work instead of purchased certificates. If you plan to also integrate with an online system like Azure Active Directory, you must use a purchased certificate from a root authority.
   
   
6. Rerun the K2 Setup Manager to confirm the new binding.

To be able to use the Forms STS for login, check the Use for Login setting box. This enables you to select this issuer on the SmartForms login page.

1. Open the Management site and browse to Authentication > Claims > Issuers.
2. Select the Forms STS and click Edit.
3. Check the Use for Login check box and click OK.
   
   
   Find the thumbprint in the web.config file at the following location: <install drive>:\Program Files\K2\WebServices\Identity\Sts\Forms\web.config
   

Use claim mappings to identify the incoming claims and map them to the appropriate security label.

1. Open the Management site and browse to Authentication > Claims > Claims.
2. Click New on the Security Label section and the New Claim Mapping page opens.
3. Select the K2SQL label in the Security Label drop down.
4. You do not need to check the Claim Type Info check box unless the SQL users are also used in SharePoint.
5. Select K2 Forms STS from the Issuer drop down.
6. For Identity Provider Original Issuer field enter FormsSTS.
7. For Identity Provider Claim Type enter http://schemas.microsoft.com/identity/claims/identityprovider
8. For Identity Provider Claim Value enter FormsSTS.
9. For Identity Original Issuer field enter FormsSTS.
10. For Identity Claim Type enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
11. Leave Identity Claim Value empty as this claim is different for each user.
12. For Security Label Original Issuer enter FormsSTS.
13. For Security Label Claim Type enter http://schemas.k2.com/identity/claims/securitylabelname
14. Click OK to add the mapping.
    

    

The Realm is the unique value that associates the SmartForms site with the claims authentication options. Audience URIs are the actual URLs used to access the site. You can specify additional Audience URIs for a single Realm. For example, if you use https://k2.denallix.com/Runtime and http://dlx:81/Runtime to access the SmartForms site, you must add both URLs as Audience URIs.

1. Open the K2 Management site and browse to Authentication > Claims > Realms.
2. The list of realms should be preconfigured with your Runtime, Designer, Identity, and View Flow realms as well as Audience URIs. Follow these steps for each realm needing SQLUM authentication:

1. Select the Realm and click Edit.
2. In the Edit Realm dialog use the check box list to select the issuers to map to the realm. For SQLUM, select the K2 Forms STS.
   
3. Click OK.
   
To bypass the login method selection page and force users to log in using SQLUM and their SQL credentials, make sure you select only the K2 Forms STS as a linked issuer when editing your realms.

If Forms STS is the only authentication configured in the realm to issuer mapping you are redirected to a login page. If you have configured other authentication modes, you see a page that lets you select the Login method to use as shown below. Note that after making these changes, you may need to clear your browser cache to reset cached credentials.