Known Issue: Users can Access K2 Realms they are not Configured to Use

  • 16 February 2021
  • 0 replies
  • 18 views

Userlevel 5
Badge +20
 

Known Issue: Users can Access K2 Realms they are not Configured to Use

KB002439

PRODUCT
K2 blackpearl

 

Issue

When you have users who log in to K2 from different providers, such as Windows users inside your network and external users who use Basic authentication with a username and password, configuring your realms may not prevent people from accessing both sites. This is By Design in the way K2 sites are configured, but you can update the web.config file to limit users to only the realms you specify.

 

This behavior only occurs if the hostname/base URL is the same for your designer and runtime sites, such as https://k2.denallix.com/designer and https://k2.denallix.com/runtime. If they are not the same, the cookie is not shared.

 

Workaround

You must edit the web.config files for the designer and runtime sites, and remove the path="/" setting of the cookieHandler key. You can find these files at <install drive>:Program Files or Program Files (x86)K2K2 smartforms Designer and K2 smartforms Runtime.

 

By default, the sites are configured as follows:

Image

 

Removing the path attribute forces the sites not to share cookies in the same path (by hostname), and your resulting cookieHandler key is as follows:

Image

 

 

 


0 replies

Be the first to reply!

Reply