Issue

The following error appears when trying to access K2 SmartForms or Workspace sites: "Authentication Failed: No credentials are available in the security package."

Symptoms

After applying Microsoft Security Updates, the following error appeared:

"Authentication Failed: No credentials are available in the security package"

On the event logs, the following appear:

"Exception: SourceCode.Hosting.Exceptions.AuthenticationException: Authentication Failed : No credentials are available in the security package at SourceCode.Hosting.Client.BaseAPI.BaseAPIConnection.WindowsAuthentication(SCConnectionStringBuilder connectionStringBuilder) at SourceCode.Hosting.Client.BaseAPI.BaseAPIConnection.Authenticate(String connectionString) at SourceCode.Security.Claims.Web.Shared.ConnectionClass.HandleIdentityImpersonation(Boolean asAppPool, 
Action action) at SourceCode.Security.Claims.Web.Shared.ConnectionClass.TryCredentialToken(BaseAPIConnection connection, String credentialToken, Boolean asAppPool) at SourceCode.Security.Claims.Web.Shared.ConnectionClass.
GetPoolConnection(String credentialToken, Boolean asAppPool, Boolean& tokenApplied) at SourceCode.Security.Claims.Web.Shared.ConnectionClass.OpenConnectionForAuthentication() at SourceCode.Security.Claims.Web.ClaimsHelper.
SaveBootstrapContext(BootstrapContext bootstrapContext, ClaimsIdentity claimsIdentity) at SourceCode.Security.Claims.Web.ClaimsHelper.OnValidateToken(SecurityTokenHandler tokenHandler, SecurityToken token, ReadOnlyCollection`1 claimsIdentityCollection, Boolean standardMapToWindows) at SourceCode.Security.Claims.Web.WIFExtensions.SamlSecurityTokenHandler.ValidateToken(SecurityToken token) at System.IdentityModel.Services.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri) at System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request) at System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)"

Resolution

The issue could possibly be caused by IIS_IUSRS Group Permissions change after Microsoft Security Updates were applied, or the K2 Service account does not have “Impersonate a Client after Authentication” rights. 

Adding the K2 Service account to the IIS_IUSRS Group reset the permission settings for the K2 Service account which resolved the issue.