The following error might appear after an upgrade:
"Claim mapping configuration cannot be found for this claim.
Claim information: Name='AD\NAME', Issuer='FormsSTS', Original Issuer='FormsSTS'. Please ensure that you have configured the K2 server as specified in K2 Help: Installation and Configuration > Configuration > SharePoint > Claims-based Authentication. "
Users are unable to log in and authenticate on any SmartForms (Runtime & Design time).
This issue occurred due to the K2TokenService config file. The Claims error resolved by adding the K2 webservice and K2 service accounts to the config:
<add value="AD\k2web-svc" /> //iis app pool account
<add value="AD\k2services-svc" /> //application server account
K2TokenService is used to convert claims tokens to Windows tokens for off-box authentication and impersonation that requires a Windows token, for example an SQL Server.
The K2 Windows Token Service is installed on the servers where the K2 Designer, K2 SmartForms Runtime and K2 View Flow components are installed and runs under the local system account.