Category Archives: How-to

How To: Re-configure your K2 environment to use forms authentication

This blog post is a short walk-through explaining how to switch your K2 environment from Windows to Forms authentication. As an example of when you may want this: use this configuration when you want a password prompt on token expiration even though all your forms users work from domain-joined workstations belonging to the K2 server domain (on such workstations the STS token is otherwise refreshed without any extra password prompts, using the existing Windows user credentials to obtain the STS token).

The required steps are described in the K2 documentation (look under “Forms Authentication”), but at the moment it omits some required steps, which we will cover here.

To switch over to Forms Authentication, first navigate to the K2 Management > Authentication > Claims > Issuers section of the K2 Management site:

K2 Management – Issuers

There, select K2 Forms STS and click the Edit button to enable the “Use for Login” option for this issuer:

K2 Management – Edit K2 Forms STS issuer

Once you have enabled this option, switch over to Authentication > Claims > Realms:

K2 Management – Realms

Here you need to edit every realm and link the K2 Forms STS issuer to it (depending on your needs, you can do that for only some realms):

K2 Management – Edit Issuer

Once you do that your realms should have K2 Forms STS visible in LINKED ISSUERS column:

K2 Management – Linked Issuers Column

At this point if you restart your browser and try to access K2 sites you will be presented with login method selection which looks as follows:

K2 Login Method Selection

If you don’t like this dialog or do not need multiple logon methods, just uncheck the “Use for Login” option for the K2 Windows STS issuer. With that configuration you will get the forms authentication prompt immediately on any attempt to access a K2 site (and after K2 STS token expiration). This is how it looks:

K2 Forms Authentication Logon Page

Up to this point we have followed and completed the steps from the K2 documentation, but if you try to log in with correct credentials you may see the following error:

Server Error – Claim mapping configuration cannot be found for this claim

Error message has the following text:

Server Error
Claim mapping configuration cannot be found for this claim. Claim information: Name='DENALLIX\administrator', Issuer='FormsSTS', Original Issuer='FormsSTS'. Please ensure that you have configured the K2 server as specified in K2 Help: Installation and Configuration > Configuration > SharePoint > Claims-based Authentication.
More Details
at SourceCode.Hosting.Server.Runtime.HostSecurityManager.GetClaimsUserName(String tokenXml, ClaimsTokenType tokenType, ClaimsVersion claimsVersion)
at SourceCode.Hosting.Server.Runtime.HostSecurityManager.AuthenticateIIdentitySession(String sessionCookie, String tokenXml, ClaimsTokenType tokenType, String connectionString, String authReqSource, ClaimsVersion claimsVersion)

This error and the corrective actions for it are not mentioned in the product documentation. To fix it, do the following:

1. Edit K2TokenService.exe.config located in “%K2_INSTALLATION_ROOT%\Token Service\Bin\” adding your K2 service and K2 application pool accounts into allowedCallers section as shown below:

K2TokenService.exe.config – allowedCallers

Here is sample of allowedCallers section text:

<allowedCallers>
  <clear />
  <add value="denallix\k2webservice" />
  <add value="denallix\k2service" />
</allowedCallers>

2. Save your changes and restart K2 Claims To Windows Token Service aka K2WTS (you can use PoSh command for that – Restart-Service K2WTS).

After performing these steps you will be able to log on to K2 sites using forms authentication.
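Steps 1 and 2 above can be scripted. The following PowerShell is an added example, not part of the original post or of K2's own tooling; the parameter names are illustrative and it assumes the config file contains a single allowedCallers element. It backs up the file, adds only accounts that are not already listed, and restarts K2WTS only when something changed.

```powershell
# Added example, not from the original post. Run elevated on the K2 server.
param(
    # Assumption: path to K2TokenService.exe.config under "<K2 install root>\Token Service\Bin\"
    [Parameter(Mandatory)] [string]   $ConfigPath,
    # Accounts to allow: the K2 service and K2 application pool identities
    [Parameter(Mandatory)] [string[]] $Accounts
)

$ErrorActionPreference = 'Stop'
$ConfigPath = (Resolve-Path -LiteralPath $ConfigPath).Path

# Keep a timestamped copy so the change can be rolled back
$backup = '{0}.{1:yyyyMMddHHmmss}.bak' -f $ConfigPath, (Get-Date)
Copy-Item -LiteralPath $ConfigPath -Destination $backup

$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($ConfigPath)

# Locate the section wherever it sits in the file
$section = $xml.SelectSingleNode('//allowedCallers')
if (-not $section) { throw "No <allowedCallers> element found in $ConfigPath" }

# Accounts already present (-contains compares case-insensitively)
$existing = @($section.SelectNodes('add') | ForEach-Object { $_.GetAttribute('value') })

$changed = $false
foreach ($account in $Accounts) {
    if ($existing -contains $account) { continue }
    $node = $xml.CreateElement('add')
    $node.SetAttribute('value', $account)
    [void]$section.AppendChild($node)
    $changed = $true
}

if ($changed) {
    $xml.Save($ConfigPath)
    Restart-Service -Name K2WTS   # the restart from step 2
}

# Print the resulting list so it can be reviewed
$section.SelectNodes('add') | ForEach-Object { $_.GetAttribute('value') }
```

Review the printed list after each run and keep it limited to the K2 service and application pool accounts that actually need to be there.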


Creating Hyper-V VM with Ubuntu Server

I’ve recently decided to learn a bit about Ubuntu and am going to do some project based on this platform, hence this little post describing how to create an Ubuntu Server Hyper-V VM.

First of all, you need to download latest Ubuntu Server installation media from here, selecting between LTS (Long Term Support) and regular version:

The LTS version is the more tested, enterprise-focused version; it is released every 2 years and has a 5-year support cycle.

Once you have the installation media, you just need to create a Hyper-V VM, allocating the desired quantity of resources to it (note that this OS has quite humble minimum requirements), and make your VM Generation choice.

Despite the fact that the process of creating a VM is more or less the same for any OS, I decided to write down all the steps involved in setting up an Ubuntu Server VM.

You can follow these steps to create your own Hyper-V VM with Ubuntu Server OS. Right click on your Hyper-V host and select New > Virtual Machine:

Just click Next on Before You Begin page:

Specify name and location for your VM (be sure to specify your preferred VMs folder, VM specific subfolder will be created automatically based on VM name you type in):

Select Generation of your VM (note this cannot be changed once VM is created):

I wanted a Generation 2 VM, so I selected this option (refer to the MSFT documentation for information on choosing the VM generation). Note that for an Ubuntu VM you need to disable the Secure Boot feature, which is enabled by default on a Generation 2 VM.

Assign desired amount of memory and decide whether Dynamic Memory should be used:

Select virtual switch:

Adjust VHD settings if necessary:

Specify the path to the Ubuntu ISO file you downloaded earlier:

Review selection you made and click on Finish:

Disable Secure Boot before powering on your VM – otherwise your VM will fail to boot (as per MSFT documentation: “some Linux virtual machines will not boot unless the secure boot option is disabled”):

And while you are still in the VM properties, I would recommend disabling automatic checkpoints (unless you want to use them):

Once you start the VM, the setup process will be initiated automatically:

You will need to select preferred language:

Then keyboard settings:

And next, select Install Ubuntu option:

Accept default network connections settings:

And leave your proxy settings empty (unless you are using proxy server):

Accept default archive mirror address and hit Done:

Accept defaults on filesystem setup (which will mean use entire disk for our installation):

Select disc or accept selection if you have just one:

Accept default filesystem settings on the next page:

Agree with formatting selected drive (data loss warning):

Specify profile settings and server name (note that only lowercase letters are accepted for server and user names – a great example of explicitness which leaves no chance for you to grow up into a proficient user thinking that some case insensitive objects are case sensitive – happens way too often, thanks to some user friendly OSs):

Select whether you want to install OpenSSH server:

Select any additional packages you may want to install:

Wait until the installation goes through the remaining steps:

Hit Reboot Now once installation completes:

Once VM reboot completes you will be prompted to remove installation medium and hit ENTER (Hyper-V should auto remove it for you):

Once the reboot completes, Ubuntu Server should start and greet you with a credentials prompt:

Once you type in your login and password correctly you will be invited to enter commands (no GUI installed on Server version by default):

At this point I suggest you shut down the VM with the shutdown -P now command and make your baseline VM snapshot.

Let’s do a couple more things before we wrap up our VM setup process. First, install updates using sudo apt-get update (to fetch the list of available updates) and sudo apt-get upgrade (to upgrade installed packages):

And last but not least, let’s add a GUI to our server – for that, just use sudo apt-get install ubuntu-desktop, confirming that you want to continue at the additional disk space usage prompt. Once setup completes you need to reboot your VM, and it will start in GUI mode:

After clicking on your user icon, type in your password and click Sign In:

You will be presented with What’s new in Ubuntu splash screen:

This concludes VM installation and configuration process. Stay tuned for the new posts as I’m going to keep using this VM and documenting installation and configuration of additional packages and other things.
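The Hyper-V Manager steps above (Generation 2 VM, installation ISO, Secure Boot, automatic checkpoints) expressed as PowerShell. This is an added example, not from the original post; the VM name, paths, sizes and switch name are placeholders. It goes slightly beyond the post by offering the Microsoft UEFI Certificate Authority Secure Boot template, which lets Ubuntu boot with Secure Boot left on, as an alternative to turning Secure Boot off.

```powershell
# Added example, not from the original post. Run in an elevated session on the Hyper-V host.
param(
    [string] $VMName     = 'ubuntu-srv01',              # placeholder
    [string] $VMRoot     = 'D:\VMs',                    # placeholder: preferred VMs folder
    [string] $IsoPath    = 'D:\ISO\ubuntu-server.iso',  # placeholder: downloaded media
    [string] $SwitchName = 'Default Switch',            # placeholder
    [switch] $KeepSecureBoot                            # use the Linux-capable template instead of Off
)
$ErrorActionPreference = 'Stop'

# The generation cannot be changed after creation, so it is set here
$vm = New-VM -Name $VMName -Path $VMRoot -Generation 2 -MemoryStartupBytes 2GB `
             -NewVHDPath (Join-Path $VMRoot "$VMName\$VMName.vhdx") -NewVHDSizeBytes 40GB `
             -SwitchName $SwitchName

# Attach the installation ISO and boot from it first
$dvd = Add-VMDvdDrive -VM $vm -Path $IsoPath -Passthru
Set-VMFirmware -VM $vm -FirstBootDevice $dvd

if ($KeepSecureBoot) {
    # Secure Boot stays on, using the template that trusts the Microsoft UEFI CA
    Set-VMFirmware -VM $vm -EnableSecureBoot On -SecureBootTemplate MicrosoftUEFICertificateAuthority
} else {
    # What the post does in the VM settings dialog
    Set-VMFirmware -VM $vm -EnableSecureBoot Off
}

# Automatic checkpoints off, as recommended in the post
Set-VM -VM $vm -AutomaticCheckpointsEnabled $false

# Confirm the resulting settings before the first power-on
Get-VMFirmware -VM $vm | Select-Object VMName, SecureBoot, SecureBootTemplate
Get-VM -Name $VMName | Select-Object Name, Generation, AutomaticCheckpointsEnabled
```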


Sample PS script for bulk creation of AD DS groups

You know, sometimes the need to create 10 groups in ADUC for a quick test is enough to fire up Windows PowerShell ISE and compose a PS script… Below you can find a little script to create any number of AD DS groups you want; thanks to its compactness, it may also serve as an example of implementing a WHILE loop in PowerShell, so I’ll just leave it here.


ADDSCHK – Quick check on domain size

Sometimes, while looking at somebody else’s ADDS environment, you may want to know some basics about it – things such as the total number of users, or in which OU a specific server is hiding. What surprises me a lot is how frequently you see people telling you that they don’t have the right consoles on this server (while they are just one PoSh line away from all they need), or that they are not sure if they have permissions (which they usually do have). If you are lucky, you just spend some time waiting for a person to switch over to some other machine or directly to a DC (yes, to a DC, just because the ADUC console lives there 🙂 ), or in some other cases you will be dragged through multiple redirects / additions of people to the call, only to end up explaining to the final person in that chain the exact steps to be performed to get your questions answered (which you were perfectly able to do without switching servers and involving other people in the first place).

Unless you already got it, it is preferable and faster to do yourself the favor of comfortably staying on the server where you are working and issuing Install-WindowsFeature RSAT-AD-PowerShell to solve the missing tools problem in 20 seconds, and then using PoSh to get your questions answered. Here is a sample PS function, which I named similarly to CHKDSK (a thing of which I have very fond memories ever since I used it to help my classmate repair his HDD in the time of 1-2 GB hard drives and Windows 95) – ADDSCHK:

In a world where an increasing number of people do not hone their “I can do this in N ways” skills (and sometimes even “I understand how it works” too), you are frequently better off speaking PoSh with the infrastructure directly than with those who are entrusted to keep it up and running 🙂
