Configuring the IDP

After you enable single sign-on in Team Studio, visiting the Team Studio URL while not logged in causes Team Studio to attempt a redirect to the IDP login page instead of showing the normal Team Studio login page.

This might or might not succeed, depending on how the IDP is configured. In either case, the IDP must be configured to recognize Team Studio before authentication succeeds. The details of this process are specific to each IDP implementation; see your IDP documentation for details.

Below is a list of common steps for IDP configuration:

Prerequisites

Procedure

  1. Download the Team Studio SAML metadata XML file from http://mytsdsinstallation.mydomain.com/auth/saml/metadata.
  2. Inspect the metadata file and ensure that any URLs in it can be resolved by users' web browsers. The IDP redirects web browsers to these URLs at various points in the process. If the browser cannot resolve them, authentication fails. If the URLs are incorrect, you can manually fix the XML file or set the entity ID in the Team Studio authentication configuration to the correct value, and then re-download the file.
  3. Provide this metadata file to your IDP using whatever mechanism your IDP provides.
  4. Ensure that the IDP has access to whatever public certificates are necessary to validate signatures made with the private key that was uploaded to the Team Studio authentication configuration panel earlier.
  5. Ensure that the IDP is configured to provide the User ID and Role using the attribute names that Team Studio was configured to expect.
  6. Ensure the changes to the IDP configuration have taken effect (a restart may be necessary).
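
The URL inspection in step 2 can be scripted. The following is an added example, not part of the Team Studio documentation or product: it lists the entity ID and every endpoint URL in a SAML metadata file and reports those that point at a loopback host or do not resolve. The sample metadata, its endpoint paths, and the function names are constructed for illustration.

```python
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample metadata (not real Team Studio output; paths are assumptions).
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://localhost:8080/auth/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://localhost:8080/auth/saml/slo"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://mytsdsinstallation.mydomain.com/auth/saml/callback"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def metadata_urls(xml_text):
    """Return (source, url) pairs: the entityID plus every endpoint Location."""
    root = ET.fromstring(xml_text)
    found = [("entityID", root.get("entityID"))]
    for el in root.iter():
        for attr in ("Location", "ResponseLocation"):
            if el.get(attr):
                found.append((el.tag.replace(MD, "") + "@" + attr, el.get(attr)))
    return found

def check_urls(xml_text, resolve=socket.gethostbyname):
    """Return (source, url, problem) for each URL a user's browser may not reach."""
    problems = []
    for source, url in metadata_urls(xml_text):
        host = urlparse(url or "").hostname
        if not host:
            problems.append((source, url, "not an absolute URL"))
        elif host == "localhost" or host.startswith("127."):
            problems.append((source, url, "loopback host"))
        else:
            try:
                resolve(host)  # run this from a network your users are on
            except OSError:
                problems.append((source, url, "host does not resolve"))
    return problems

if __name__ == "__main__":
    for source, url, problem in check_urls(SAMPLE):
        print(f"{source}: {url} -> {problem}")
```

Name resolution depends on where the script runs, so run it from a machine that uses the same DNS as your users' browsers.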