Single Sign On (SSO) with Stoneware Unified Workspace by Lenovo

The examples below were provided to TeamDynamix by clients who were able to successfully configure Single Sign On using Stoneware Unified Workspace by Lenovo. Please note that TeamDynamix does not have expertise in IdP configurations for Stoneware Unified Workspace. It is best for you to speak with your internal technical team or an Stoneware Unified Workspace professional for any issues or questions related to configuring Single Sign On in Stoneware Unified Workspace.

Overview

This article covers how other TeamDynamix clients have configured Stoneware Unified Workspace to allow Single Sign On authentication with TeamDynamix.

Stoneware Unified Workspace Configuration

General Authentication Configuration

The below image demonstrates the general Authentication configuration settings for Stoneware Unified Workspace.


Figure 1

Take special note of a few things here:

  • The SAML Initiation value is Service Provider. This is the standard configuration with TeamDynamix supports.
  • The Audience value is https://www.teamdynamix.com/shibboleth. This is important because this value must match the entityID listed in the TeamDynamix SP metadata (which can be obtained from the InCommon Federation). Any other value for Audience will result in an error about an invalid audience restriction.

    This value is actually going to be what you put in any IdP system for the Audience or Audience Restriction value and is not a value specific for usage with Stoneware Unified Workspace!
     
  • The PFX Certificate, Private Key and Certificate  fields are filled out by the client (IdP) and are not values TeamDynamix can provide. 
  • The configuration without the Service Provider Metadata URL field should work blanked out. If this does pose issues, you can also try putting a value of https://shib.teamdynamix.com/Shibboleth.sso/Metadata/ there. We encourage you to try it blank first though.

 

SAML Attribute Configuration

The second image demonstrates how to map particular attributes from Stoneware Unified Workspace to standard SAML attributes.


Figure 2

Enter SAML Attribute Assertion Parameters in the following format:
Parameter Name: Standard SAML attribute Name from Name column of related SSO Self-Registration Attribute Mappings article. Do not use the ID column value.
Example: urn:oid:1.3.6.1.4.1.5923.1.1.1.6

Parameter Value: Desired Stoneware Unified Workspace backing attribute
Example: @@attr:mail@@

While any number of attributes can be mapped from Stoneware Unified Workspace to standard SAML attributes, the eppn attribute (shown in the image and examples above) must be mapped for authentication to work. You can, however, map a different underlying attribute value to eppn instead of mail. That is just the typical attribute mapped.

See the related SSO Self-Registration Attribute Mappings article in the Related Articles section above for the full list of attributes supported by TeamDynamix.

Details

Article ID: 28342
Created
Wed 3/29/17 11:19 AM
Modified
Wed 7/14/21 2:19 PM

Related Articles (2)

Accepted SAML SSO Attributes
The list of attributes and formats which TeamDynamix accepts for SAML 2.0 Single Sign On (SSO) authentication and self-registration processes.
Troubleshooting Single Sign On (SSO) Issues
This article will cover several common issues experienced by clients who utilize Single Sign On authentication in TeamDynamix and troubleshooting steps you can take to resolve them.