<{{Subtitle_Weight}} class="prominent-subhead {{Show_Subtitle}}"> {{Header_Subtitle}}

"Claims-based Authentication Error" after upgrading K2 from version 4.6.11 to 4.7

This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice. This article is not considered official documentation for K2 software and is provided "as is" with no warranties.
This article has been archived, and/or refers to legacy products, components or features. The content in this article is offered "as is" and will no longer be updated. Archived content is provided for reference purposes only. This content does not infer that the product, component or feature is supported, or that the product, component or feature will continue to function as described herein.


The following error might appear after an upgrade: 

"Claim mapping configuration cannot be found for this claim.

Claim information: Name='AD\NAME', Issuer='FormsSTS', Original Issuer='FormsSTS'. Please ensure that you have configured the K2 server as specified in K2 Help: Installation and Configuration > Configuration > SharePoint > Claims-based Authentication. "


Users are unable to log in and authenticate on any SmartForms (Runtime & Design time).

Troubleshooting Steps

This issue occurred due to the K2TokenService config file. The Claims error resolved by adding the K2 webservice and K2 service accounts to the config:

<clear />
<add value="AD\k2web-svc" /> //iis app pool account
<add value="AD\k2services-svc" /> //application server account

K2TokenService is used to convert claims tokens to Windows tokens for off-box authentication and impersonation that requires a Windows token, for example an SQL Server.

The K2 Windows Token Service is installed on the servers where the K2 Designer, K2 SmartForms Runtime and K2 View Flow components are installed and runs under the local system account.