This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice This article is not considered official documentation for K2 software and is provided “as is” with no warranties.

Issue

The following error appears when trying to access K2 SmartForms or Workspace sites: "Authentication Failed: No credentials are available in the security package."

Symptoms

After applying Microsoft Security Updates, the following error appeared:

"Authentication Failed: No credentials are available in the security package"

On the event logs, the following appear:

"Exception: SourceCode.Hosting.Exceptions.AuthenticationException: Authentication Failed : No credentials are available in the security package at SourceCode.Hosting.Client.BaseAPI.BaseAPIConnection.WindowsAuthentication(SCConnectionStringBuilder connectionStringBuilder) at SourceCode.Hosting.Client.BaseAPI.BaseAPIConnection.Authenticate(String connectionString) at SourceCode.Security.Claims.Web.Shared.ConnectionClass.HandleIdentityImpersonation(Boolean asAppPool, 
Action action) at SourceCode.Security.Claims.Web.Shared.ConnectionClass.TryCredentialToken(BaseAPIConnection connection, String credentialToken, Boolean asAppPool) at SourceCode.Security.Claims.Web.Shared.ConnectionClass.
GetPoolConnection(String credentialToken, Boolean asAppPool, Boolean& tokenApplied) at SourceCode.Security.Claims.Web.Shared.ConnectionClass.OpenConnectionForAuthentication() at SourceCode.Security.Claims.Web.ClaimsHelper.
SaveBootstrapContext(BootstrapContext bootstrapContext, ClaimsIdentity claimsIdentity) at SourceCode.Security.Claims.Web.ClaimsHelper.OnValidateToken(SecurityTokenHandler tokenHandler, SecurityToken token, ReadOnlyCollection`1 claimsIdentityCollection, Boolean standardMapToWindows) at SourceCode.Security.Claims.Web.WIFExtensions.SamlSecurityTokenHandler.ValidateToken(SecurityToken token) at System.IdentityModel.Services.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri) at System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request) at System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)"

Resolution

The issue could possibly be caused by IIS_IUSRS Group Permissions change after Microsoft Security Updates were applied, or the K2 Service account does not have “Impersonate a Client after Authentication” rights. 

Adding the K2 Service account to the IIS_IUSRS Group reset the permission settings for the K2 Service account which resolved the issue.