Upgrading Secondary Runtime Sites

It is possible to configure a single K2 site with multiple authentication providers. (It is also possible to create a copy of your site for each authentication method, as described in Configuring a Secondary SmartForms Runtime Site. In some cases it may be desirable to continue having multiple sites rather than consolidate to a single site.) This topic describes the steps necessary to upgrade these copied sites to the latest product version and reconfigure them for the appropriate authentication method using the Claims based/Realm model.

Before you make the decision to upgrade your copied sites, review the Multi-Auth providers topic to understand if a single Multi-Auth enabled site would meet your needs. If you want to consolidate refer to the Consolidation to Multi-Auth topic for detailed steps.

Configuration

These high-level steps are provided for those familiar with upgrading the product and configuring authentication methods. For a detailed guide, see the Detailed Steps section below.

  1. If necessary, upgrade your primary site to the latest product version.
  2. Copy the upgraded primary site over the secondary sites.
  3. Configure Realms for the secondary sites.
  4. Configure Claims for the secondary sties.

Detailed Steps

The product installer will upgrade your primary site, both design-time and runtime. Any sites that were copied in order to facilitate different authentication modes will not be upgraded by the installer. Only those sites that were created through the product installer will be upgraded.

Since the installer does not upgrade the copied sites, you will need to manually copy the files from the upgraded primary site over the files in the copied sites. Once this is done the sites will no longer be configured for the desired authentication modes. The subsequent steps will guide you on configuring the appropriate authentication mode for each site using the new Realm model.

In the new Realm configuration model all the site authentication configuration is stored centrally in the K2 database. Realms are used in order to distinguish which sites use which types of authentication. For each secondary site that you are upgrading follow the steps below to create the Realm and configure the site to map to the Realm.

  1. Open the Management Site and browse to Authentication> Claims> Realms your primary runtime site.
  2. Under Realms click New.
  3. For the URI field enter the URL to your supplementary site (Example: https://k2.denallix.com/RuntimeSQLUM/)
  4. For the Reply URI field enter the relative URL to the site (Example: /RuntimeSQLUM/).
  5. For the Linked Issuers you can select the appropriate option if it is available. If you don’t see the appropriate option leave the check boxes blank. The configuration steps in Step 4 will guide you through configuring an appropriate Issuer.
  6. Click OK to add the Realm.
  7. Open the web.config file for the secondary site and locate the Federation Configuration section.
  8. For the cookieHandler property set the path value to be the same as the Reply URI you configured above but without the trailing slash (example: /RuntimeSQLUM) or set it to the current working directory by using just a slash (example: path="/").
  9. For the wsFederation property set the realm value to be the same as the Realm URI you configured above (Example: https://k2.denallix.com/RuntimeSQLUM/)
  10. Save and close the web.config file.

The final step is to configure or clean up the imported Claims configuration depending upon the type of authentication you want to enable for the site. The documents listed below have all the necessary steps for configuring a site to use each authentication mode. You may have already completed some of the steps in these documents as they assume that you are starting from scratch rather than upgrading. Since you are upgrading existing sites, the most important parts are the steps around the Issuer and Claim Mapping configurations. If you are upgrading an AD FS configured site, some of the Claim configuration will have been automatically imported into the database but you will need to fill in some additional details. If you are upgrading a Forms Authentication site that used SQLUM, there will be no imported claims configuration and you will need to follow all the steps.

When WindowsSTS authentication or FormsSTS authentication is enabled, it is important to frequently save work that has been done in the Designer as work might be lost when the same session is left open for 8 hours or longer.