SAML Service Provider

Issue

How can I use a 3rd Party service (such as ADFS, Office365, or OneLogin) to SSO into UW?



Solution

The SAML Service Provider (SP) feature allows another Identity Provider (IDP) to single sign-on into Unified Workspace using SAML, giving users a seamless sign-on experience.


Please see the SAML Service Provider Documentation for information on enabling SAML SP inside of UW:


Please see the following articles on how to configure these 3rd Party IDPs:


Once you have UW configured for SAML SP, you will want to configure UW to force users onto your 3rd Party IDP login page.

Create a redirect file and place it in the webserv folder on your relays.

We've used the redirectSamlSP.zip file, attached to this article.
  1. Edit redirectSamlSP.jsp and change the redirect URL to point to your IDP SAML login.
  2. Copy the file to your relay servers: c:\UnifiedWorkspace\webserv\custom\redirectSamlSP.jsp
  3. Create a Virtual Host entry on the relay object's Options tab that redirects users to redirectSamlSP.jsp
    Such as: <YOUR_UW_URL>/custom/redirectSamlSP.jsp

    Note: Adding the Virtual Host requires restarting UW.
Now when a user browses to <YOUR_UW_URL>, they are redirected to the login page you set in your redirect JSP.
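As an added illustration (not the redirectSamlSP.jsp shipped in the attached zip), this is the shape a minimal redirect JSP for step 1 takes; the IDP URL is a placeholder you replace with your IDP's SAML login endpoint. The target is hard-coded rather than read from a request parameter, so the page cannot be abused as an open redirect:

```jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
<%
    // Constructed example for the UW SAML SP redirect step.
    // PLACEHOLDER: replace with your IDP's SAML login URL. Keep it
    // hard-coded here; taking it from a query parameter would turn this
    // page into an open redirect that phishing links could point at.
    final String idpLoginUrl = "https://YOUR-IDP-HOST/saml2/sso/PLACEHOLDER";

    // Tell browsers and proxies not to cache the redirect, so a later
    // change to the IDP URL takes effect immediately.
    response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
    response.setHeader("Pragma", "no-cache");
    response.setDateHeader("Expires", 0);

    // Send a 302 to the IDP and stop rendering anything else.
    response.sendRedirect(idpLoginUrl);
    return;
%>
```

After copying it to c:\UnifiedWorkspace\webserv\custom\ and adding the Virtual Host, verify with a browser that <YOUR_UW_URL> answers with a 302 whose Location header is your IDP login URL.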


It is also a good idea to set the Redirect URL After Logout option on the tenant, so that the user is sent back to the SAML login page when they log out of UW.
  1. Expand Customization Center
  2. Expand Tenants
  3. Expand [Default] tenant object
  4. Select Global Settings
  5. Choose Redirect URL After Logout
  6. Change the value to the URL used to log out of your IDP.
  7. For example: https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0
  8. Click Save

To prevent users from going directly to https://<YOUR_UW_URL>/LoginPolicy.jsp, rename c:\UnifiedWorkspace\webserv\LoginPolicy.jsp and c:\UnifiedWorkspace\webserv\NoLoginPolicy.jsp to something unique that you can remember. This gives you an alternative login method if there is a problem with the IDP.
Note: When you perform an upgrade, these two files are recreated, so you will have to rename them again afterwards.


If you missed this part, see the SAML SP Advanced Concepts section: the Login Script on the profile syncs the user's password.
