Application Architecture

The K2 Workspace apps (iOS and Android versions) interact with the K2 server, and this topic describes how the apps interact with the server.

K2 Workspace apps connect with various parts of the K2 platform as seen in the following diagram. Arrows indicate requests made between components.

The K2 Workspace app uses federated authentication as its default authentication method. To use federated authentication, ensure you have installed the following fix packs on your K2 environment.

General Flow

There are four steps to the flow of data:

  1. Autodiscover
  2. Connect to server
  3. Authenticate
  4. Retrieve user information

Below are detailed steps of the flow of data:

The first thing that the K2 apps do when signing in is to retrieve the Autodiscover information for your environment. This step is represented by the yellow arrow in the flow diagram.

The apps retrieve the Autodiscover information so that they can connect to the server that has the most functionality; you get Application Forms and Offline Forms if the mobile app can connect to a SmartForms server, but you only get Worklist functionality if the apps can only connect to a K2 blackpearl server. The app maintains a potential server list which is used to find the optimal server.

Given a server URL of https://k2blackpearl.com, the apps retrieve autodiscover information from https://k2blackpearl.com/autodiscover/autodiscover.

From here, the apps parse the response and get the default SmartForms Runtime URL as well as the default Web Service URL. This results in the following potential service URLs.

  • SmartForms Runtime URL: https://k2smartforms.com
  • Web Service URL: https://k2blackpearl.com
  • User-entered URL: https://k2blackpearl.com

K2 Workspace (Mobile) then attempts to connect to the server at the top of the potential servers list, which means the SmartForms Runtime URL is tried first. The app connects to the URL to determine which authentication mechanism the server uses. The URL is removed from the potential server list if the mobile app fails to connect to it. If this happens, the mobile apps move on to the next URL in the list.

Example

Using the server list seen in the table in step 1, the app attempts to connect to https://k2smartforms.com/k2api/fed/user/current.

If the firewall only allows traffic to https://k2smartforms.com/Runtime/* and, in turn, blocks the app connection to https://k2smartforms.com/k2api/*, the app discards the server from the list. The potential server list then looks like this:

  • Web Service URL: https://k2blackpearl.com
  • User entered URL: https://k2blackpearl.com

Now the top most server is tried: https://k2blackpearl.com/k2api/fed/user/current

This succeeds by returning a 302 with a redirect to TRUST as the supported authentication mechanism (returned in the WWW-Authenticate header).

You are then prompted to sign with your username and password. Same credentials as you would use when signing in using a browser.

Lastly, your tasklist and other information is retrieved.