Service Types
Service types are connectors/adapters that allow K2 to interact with some underlying system and expose objects in that system as SmartObjects. A service type allows K2 to integrate with a technology, while Service Instances of a service type to connect to specific instances of that system. Service instances are configured instances for a particular service type that point to an actual system, and you can have multiple service instances for the same service type that are configured to connect to different systems. For example, one instance of the SQL Server service type is configured to connect to your HR database while another service instance is configured to connect to your Finance database. You must configure service instances before developers and designers are able to create or use SmartObjects for that particular data store.
It is possible to extend K2 by creating and registering custom Service Types that allow K2 to integrate with a technology not supported out of the Box.
Clicking on Service Types returns a list of all the available Service Types and number of instances per Service Type in your environment. From the Service Types page, you
Service Types
Follow these steps to register a new Service Type in your K2 environment.
- Click New in the Service Types section.
- The Configure Service Type page opens.
- Configure the Service Type. Configuration values are determined by the selected Service Type.
The list of names are based on .NET Reflection, where K2 will iterate over assemblies in the ServiceBroker directory on the K2 server (default: "%ProgramFiles%\K2 \ServiceBroker") and return those assemblies that implement the necessary Service Broker/Type Interfaces
- Click OK
Follow these steps to edit a Service Type.
- Select a Service Type from the list and click Edit.
- The Configure Service Type page opens. Edit the values as necessary, using the table in Registering a Service Type as a guide.
- Update fields as required, and click OK.
Follow these steps to delete a Service Type.
- Select a Service Type and click Delete.
- The Delete dialog opens. Click OK to confirm you wish to delete the Service Type.
- Click OK.
Follow these steps to create a new Service Instance for a Service Type:
- Click on the Service Type you want to create a new instance for.
- The New Instance button becomes available.
-
Click New Instance. The Configure Service Instance page opens.
Use the table below as a guideline to configure the new service instance:
Section Field What to do Service Instance Display Name Type a value for the display name of the new service instance. Service Instance Description Type a value to describe the new service instance. Service Instance Service Type The Service Type selected from the previous view will display. You can select a different Service Type from the drop-down if needed. Service Authentication Authentication Mode Select the Authentication Mode to be used for this service instance from the drop-down. This setting determines the security credentials that will be used to connect to the underlying system. See the topic Authentication Modes for more information.
Not all Authentication Modes are supported for all Service Types. Refer to the Service Type documentation for the particular Service Type you wish to configure to see what known Authentication Mode restrictions may exist.- Impersonate: passes the connected user's credentials to the underlying system
- OAuth: uses OAuth tokens to authenticate with the underlying system. This setting requires a configured OAuth resource for the underlying system.
- ServiceAccount: connects to the underlying system using the credentials of the account that runs the K2 application service
- SSO: uses cached Single Sign-On credentials for the connected user. This setting will require you to select a Security Provider that will map an incoming user's credentials to alternate credentials that are accepted by the underlying system.
- Static: use a static username and password to connect to the underlying system
Service Authentication Security Provider The Security Provider drop-down will be enabled when the single sign on (SSO) Authentication Mode was selected. Select the security provider to be used from the drop-down. Service Authentication OAuth Resource Name This drop-down will be enabled when the OAuth Authentication Mode was selected. Select the OAuth resource name to be used from the drop-down.(The Resource is defined using the Authentication section of the K2 management site.) Service Authentication OAuth Resource Audience Enter the OAuth Resource Audience URI to use for OAuth Authentication. This setting is only applicable when using the OAuth Authentication Mode, and refers to the URI used to access a realm, for example https://graph.windows.net Service Authentication User Name This field will be enabled when the Static Authentication Mode was selected. Type the name of the user to be used when connecting to the underlying system. Service Authentication Password This field will be enabled when the Static Authentication Mode was selected. Type the password of the user entered in the User Name field. Service Authentication Extra Type a value for extra connection information. This setting is usually not required unless the authentication mechanism or Service Type selected requires or allows additional configuration. Service Authentication Enforce Impersonation This is a Pass-through Authentication option and is only applicable for the Impersonate and OAuth Authentication Modes. If Enforce Impersonation is not checked and Pass-through Authentication fails for the impersonated user, the service will revert to the K2 Service Account and retry the operation. If Enforce Impersonation is checked, the service will not revert to the Service Account if it fails with the impersonated user. Service Keys (The Service Keys depends on the Service Type selected). Provide the configuration settings for the particular Service Type you are configuring. See the documentation for the particular service type for more information on the available configuration values for that Service Type.
SmartObjects Generate SmartObjects for this Service Instance Select the check box if you want to automatically generate SmartObjects for the new Service Instance. (Whether this check box is selected or not, designers can still create SmartObjects for the underlying system manually using K2 Design tools). - Click OK to register the new Service Instance after providing the necessary values. It may take a few seconds for this operation to complete, since K2 may be performing discovery operations against a large set of entities, and/or generating and publishing SmartObjects, if the Generate SmartObjects option was selected.
The Security button allows you to define design-time rules to control who is allowed to manage service types. Service types inherit rights from the service instances security level. See Authorization Framework Overview and Service Instances Security for more information about rights, inheritance, considerations, and best practices before assigning rights per service type.
You can assign rights to a specific service type, which allows you more granular control for each service type.
Right | Description |
---|---|
View |
Allows you to see and use the service type and its child service instances at design time in K2 Management and K2 Designer (Unless inheritance is broken on a lower level) |
Create |
Allows you to create service instances in K2 Management |
Modify |
Allows you to update this service type and all its child service instances in K2 Management (Unless inheritance is broken on a lower level) |
Delete |
Allows you to delete this service type and all its child service instances in K2 Management (Unless inheritance is broken on a lower level) |
Security |
Allows you to give other people the right to assign rights on this service type and all its child service instances (Unless inheritance is broken on a lower level) |
Follow these steps to add rights to a specific service type:
-
Select a service type and then click Security.
- Add a user, group, or role by clicking the Add button.
- On the Add Users, Groups, And Roles page search and add a user, group, or role. Click OK.
- Specify the user, group, or role's View, Create, Modify, Delete, and Security rights. If the user, group, or role has rights at the service instances security level, the following rights are available: Allow, Deny and Inherited Allow. If the user, group, or role does not have rights at the service instances security level or if the inheritance is broken the following rights are available: Allow, Deny and None.
- Add more users, groups, and roles if necessary. Click Close.When specifying users, groups, and roles, the Everyone role is added during installation, providing all authenticated users, the ability to view service types and service instances. Best practice would be to modify the Everyone role's view rights to None on the Service Instances Security level, and grant permissions to users, groups, and roles according to your organizations requirement on the service type and service instance.
Follow these steps to edit service type rights:
- Select the service type and click Security.
- Select a user, group, or role and edit the rights. Click Close.
Follow these steps to remove edit service type rights:
- Select the service type and click Security.
- Select a required user, group, or role and click Remove.