Configure SSL

The information in this section provides details for ensuring that SSL is configured for the web site hosting K2 Services and its web.config. All steps assume a default K2 installation.

IIS settings

Start Internet Information Services (IIS) Manager
Navigate to {Server} > Sites > K2
Select Bindings… and Add a binding for https selecting the appropriate SSL certificate
Select OK to see the Site Bindings
Close the Site Bindings dialog
Select SSL Settings and ensure the following
- Require SSL: unchecked (default)
- Client Certificates
  - Ignore: checked (default)
Navigate to {Server} > Sites > K2
Select Authentication and ensure the following
- Windows Authentication: Enabled
- Anonymous Authentication: Disabled
- Basic Authentication: Disabled NOTE: K2 implements Basic for you
- Highlight Windows Authentication and select Providers… and ensure the following:
- Providers: NTLM; Negotiate
Navigate to {Server} > Sites > K2 > K2Services
Select SSL Settings and ensure SSL is not enabled.
1. Require SSL: unchecked (default)
2. Client Certificates
  1. Ignore: checked (default)
Navigate to {Server} > Sites > K2 > K2Services
Select Authentication and ensure the following
1. Windows Authentication: Enabled
2. Anonymous Authentication: Enabled
3. Basic Authentication: Disabled NOTE: K2 implements Basic for you
Navigate to {Server} > Application Pools
Select K2 blackpearl and ensure the following:
1. .NET Framework Version: 2.0
2. Pipeline mode: Classic

Web.config Settings

Open C:\Program Files (x86)\K2 blackpearl\WebServices\K2Services\web.config
To support BASIC + HTTPS
1. Set the requireSSL tag to True
  <configuration>
    <sourceCode.services>
      <basicAuthentication requireSSL="True" enabled="True" cachingEnabled="True" cachingDuration="15" defaultSecurityLabel="K2" />
    </sourceCode.services>
  </configuration>
2. Set the service endpoints and base addresses for HTTPS
  <services>
    <service behaviorConfiguration="SourceCode.Services.RestBehavior" name="SourceCode.Services.SyncRest">
      <endpoint address="Task" behaviorConfiguration="SourceCode.Services.RestBehavior" binding="webHttpBinding" bindingConfiguration="SourceCode.Services.SyncRestBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.ITaskService" />
      <endpoint address="Identity" behaviorConfiguration="SourceCode.Services.RestBehavior" binding="webHttpBinding" bindingConfiguration="SourceCode.Services.SyncRestBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.IIdentityService" />
      <endpoint address="Core" behaviorConfiguration="SourceCode.Services.RestBehavior" binding="webHttpBinding" bindingConfiguration="SourceCode.Services.SyncRestBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.ICoreService" />
      <host>
        <baseAddresses>
          <add baseAddress="https://api.denallix.com:443/K2Services/WCF.svc" />
        </baseAddresses>
      </host>
    </service>
    <service behaviorConfiguration="SourceCode.Services.SoapBehavior" name="SourceCode.Services.SyncWcf">
      <endpoint address="Task" behaviorConfiguration="SourceCode.Services.SoapBehavior" binding="basicHttpBinding" bindingConfiguration="SourceCode.Services.SyncWcfBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.ITaskService" />
      <endpoint address="Identity" behaviorConfiguration="SourceCode.Services.SoapBehavior" binding="basicHttpBinding" bindingConfiguration="SourceCode.Services.SyncWcfBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.IIdentityService" />
      <endpoint address="Core" behaviorConfiguration="SourceCode.Services.SoapBehavior" binding="basicHttpBinding" bindingConfiguration="SourceCode.Services.SyncWcfBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.ICoreService" />
      <host>
        <baseAddresses>
          <add baseAddress="https://api.denallix.com:443/K2Services/WCF.svc" />
        </baseAddresses>
      </host>
    </service>
  </services>
3. Set the security mode to Transport for the endpoint bindings
<bindings>
  <webHttpBinding>
    <binding name="SourceCode.Services.SyncRestBinding+HTTPS">
      <security mode="Transport">
        <transport clientCredentialType="None" />
      </security>
    </binding>
  </webHttpBinding>
  <basicHttpBinding>
    <binding name="SourceCode.Services.SyncWcfBinding+HTTPS">
      <security mode="Transport">
        <transport clientCredentialType="None" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
To support Windows + HTTPS
1. Set the service endpoints for HTTPS <services>
    <service behaviorConfiguration="SourceCode.Services.RestBehavior" name="SourceCode.Services.Rest">
      <endpoint address="Process" behaviorConfiguration="SourceCode.Services.RestBehavior" binding="webHttpBinding" bindingConfiguration="SourceCode.Services.RestBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.IProcessNavigationService" />
      <endpoint address="Worklist" behaviorConfiguration="SourceCode.Services.RestBehavior" binding="webHttpBinding" bindingConfiguration="SourceCode.Services.RestBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.IWorklistNavigationService" />
      <endpoint address="Identity" behaviorConfiguration="SourceCode.Services.RestBehavior" binding="webHttpBinding" bindingConfiguration="SourceCode.Services.RestBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.IIdentityService" />
      <endpoint address="Core" behaviorConfiguration="SourceCode.Services.RestBehavior" binding="webHttpBinding" bindingConfiguration="SourceCode.Services.RestBinding+HTTPS" contract="SourceCode.Services.ServiceContracts.ICoreService" />
      <host>
        <baseAddresses>
          <add baseAddress="https://api.denallix.com:443/K2Services/WCF.svc" />
        </baseAddresses>
      </host>
    </service>
    <service behaviorConfiguration="SourceCode.Services.SoapBehavior" name="SourceCode.Services.Wcf">
      <endpoint address="Process" behaviorConfiguration="SourceCode.Services.SoapBehavior" binding="basicHttpBinding" bindingConfiguration="SourceCode.Services.WcfBinding+HTTP" contract="SourceCode.Services.ServiceContracts.IProcessService" />
      <endpoint address="Worklist" behaviorConfiguration="SourceCode.Services.SoapBehavior" binding="basicHttpBinding" bindingConfiguration="SourceCode.Services.WcfBinding+HTTP" contract="SourceCode.Services.ServiceContracts.IWorklistService" />
      <endpoint address="Identity" behaviorConfiguration="SourceCode.Services.SoapBehavior" binding="basicHttpBinding" bindingConfiguration="SourceCode.Services.WcfBinding+HTTP" contract="SourceCode.Services.ServiceContracts.IIdentityService" />
      <endpoint address="Core" behaviorConfiguration="SourceCode.Services.SoapBehavior" binding="basicHttpBinding" bindingConfiguration="SourceCode.Services.WcfBinding+HTTP" contract="SourceCode.Services.ServiceContracts.ICoreService" />
      <host>
        <baseAddresses>
          <add baseAddress="https://api.denallix.com:443/K2Services/WCF.svc" />
        </baseAddresses>
      </host>
    </service>
  </services>
Set the security mode to Transport for the endpoint bindings
<bindings>
  <webHttpBinding>
    <binding name="SourceCode.Services.RestBinding+HTTPS">
      <security mode="Transport">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </webHttpBinding>
  <basicHttpBinding>
    <binding name="SourceCode.Services.WcfBinding+HTTPS">
      <security mode="Transport">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>

Video	Links	Learn	Support
No videos found for this article K2 on YouTube No Additional links found for this article No self-learning content for this article Try some scenarios... No relevant support links available for this article