This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice This article is not considered official documentation for K2 software and is provided “as is” with no warranties.

Issue

When logging in with a custom security provider and providing an incorrect password, the login attempt is attempted 3 times. In some cases this causes the end user to lock his account.

Symptoms

Enabling logging on, on a custom security provider and logging in using an incorrect password you will notice multiple log in attempts.

Resolution

The change to only log in once has been fixed in K2 Blackpearl 4.7. This requires some configuration changes.

\K2 Blackpearl\K2 Smartforms Runtime\Web.config:

Please have a look in web.config for the SecurityLabel.K2SQL.Method:

<add key="ExcludedSecurityLabels" value="SP"/>
<!-- SecurityLabel Method number that should be tried (if applicable) when authenticating users with login.aspx page (Semi-colon separated list) -->
<!-- Method 1: // Integrated login where username and domain are specified seperately. eg:denallix\bob => username:bob, domain: denallix -->
<!-- Method 2: // n/a -->
<!-- Method 3: // Integrated login where the username is specified and using the current domain. Tried when domain is not specified. eg:denallix\bob => username:bob, domain: {current domain} -->
<!-- Method 4: // n/a -->
<!-- Method 5: // Custom non-integrated login where username and domain are specified seperately. eg:denallix\bob => username:bob, domain: denallix -->
<!-- Method 6: // Custom non-integrated login where the username is specified as domain\username. Tried when domain is specified. eg:denallix\bob => username:denallix\bob, domain: null -->
<!-- Method 7: // Custom non-integrated login where the username is specified and using the current domain. Tried when domain is not specified. eg:bob => username:bob, domain: {current domain} -->
<!-- Method 8: // Custom non-integrated login where the username is specified as 'domain\username' with using the current domain. Tried when domain is not specified. eg:denallix\bob => username:k2\bob, domain: null -->
<!--<add key="SecurityLabel.K2SQL.Methods" value="5;7" />-->
<add key="SODataProvider.DirectExecution" value="true"/>

 

Please make the following changes:

<!-- <add key="SecurityLabels" value="K2SQL"/>-->
To
<add key="SecurityLabels" value="{LABEL_NAME}"/>

To limit logins only to the {LABEL_NAME} label.
And also change
<!--<add key="SecurityLabel.K2SQL.Methods" value="5;7" />-->
to
<add key="SecurityLabel.{LABEL_NAME}.Methods" value="5" />

Make the same changes to the following 2 files:

\K2 Blackpearl\K2 Smartforms Designer\Web.config

\K2 Blackpearl\WebServices\Identity\Sts\Forms\Web.config

Perform an IISRESET and K2 Blackpearl Service Restart for the changes to take affect.