aspera.conf - Authorization

The configuration options in the <authorization/> section of aspera.conf.

This topic shows you how to modify the <authorization/> section of aspera.conf.

  1. Open aspera.conf.
    /opt/aspera/etc/aspera.conf

    You can also find the configuration example in this path:

    /opt/aspera/etc/samples/aspera-everything.conf
  2. Add or locate the <authorization/> section using a template.

    The following template includes all options:

    <authorization>
       <transfer>
          <in>
             <value>allow</value>       <!-- Incoming Transfer -->
             <external_provider>
                <url>...</url>   <!-- Incoming External Provider URL -->
                <soap>...</soap> <!-- Incoming External Provider SOAP Action -->
             </external_provider>
          </in>
          <out>
             <value>allow</value>       <!-- Outgoing Transfer -->
             <external_provider>
                <url>...</url>   <!-- Outgoing External Provider URL -->
                <soap>...</soap> <!-- Outgoing External Provider SOAP Action -->
             </external_provider>
          </out>
       </transfer>
       <token>
         <encryption_type>aes-128</encryption_type> <!-- Token Encryption Cipher -->
         <encryption_key> </encryption_key>         <!-- Token Encryption Key -->
         <filename_hash> </filename_hash>           <!-- Token Filename Hash -->
         <life_seconds>86400</life_seconds>         <!-- Token Life (seconds) -->
       </token>
    </authorization>
  3. Configuration options reference.

    The following table lists all configuration options:

    Field Description Values Default
    Incoming Transfers The default setting of allow enables users to transfer to this computer. Setting this to deny will prevent transfers to this computer. When set to token, only transfers initiated with valid tokens will be allowed to transfer to this computer. Token-based transfers are typically employed by web applications such as Faspex and require a Token Encryption Key.
    • allow
    • deny
    • token
    allow
    Incoming External Provider URL The value entered should be the URL of the external authorization provider for incoming transfers. The default empty setting disables external authorization. Aspera servers can be configured to check with an external authorization provider. This SOAP authorization mechanism can be useful to organizations requiring custom authorization rules. HTTP URL blank
    Incoming External Provider SOAP Action The SOAP action required by the external authorization provider for incoming transfers. Required if External Authorization is enabled. text string blank
    Outgoing Transfers The default setting of allow enables users to transfer from this computer. Setting this to deny will prevent transfers from this computer. When set to token, only transfers initiated with valid tokens will be allowed to transfer from this computer. Token-based transfers are typically employed by web applications such as Faspex and require a Token Encryption Key.
    • allow
    • deny
    • token
    allow
    Outgoing External Provider URL The value entered should be the URL of the external authorization provider for outgoing transfers. The default empty setting disables external authorization. Aspera servers can be configured to check with an external authorization provider. This SOAP authorization mechanism can be useful to organizations requiring custom authorization rules. HTTP URL blank
    Outgoing External Provider Soap Action The SOAP action required by the external authorization provider for outgoing transfers. Required if External Authorization is enabled. text string blank
    Token Encryption Cipher The cipher used to generate encrypted authorization tokens.
    • aes-128
    • aes-192
    • aes-256
    aes-128
    Token Encryption Key This is the secret text phrase that will be used to authorize those transfers configured to require token. Token generation is part of the Aspera SDK. See the Aspera Developer's Network (Token-based Authorization Topic) for more information. text string blank
    Token Filename Hash Which algorithm should filenames inside transfer tokens be hashed with. Use MD5 for backward compatibility.
    • sha1
    • MD5
    • sha256
    sha1
    Token Life (seconds) Sets token expiration for users of web-based transfer applications. positive integer 86400 (24 hrs)
  4. Validate aspera.conf.

    When you have finished updating aspera.conf, use this command to validate it:

    $ /opt/aspera/bin/asuserdata -b -v -a