Authorization

Connection permissions, token key, and encryption requirements.

The Authorization configuration options can be found in the application's Configuration, under the Global, and Users tabs.

Bring up the Server Configuration window

Authorization configuration options.

The following table lists all configuration options:

Field Description Values Default
Incoming Transfers The default setting of allow enables users to transfer to this computer. Setting this to deny will prevent transfers to this computer. When set to token, only transfers initiated with valid tokens will be allowed to transfer to this computer. Token-based transfers are typically employed by web applications such as Faspex and require a Token Encryption Key.
  • allow
  • deny
  • token
allow
Incoming External Provider URL The value entered should be the URL of the external authorization provider for incoming transfers. The default empty setting disables external authorization. Aspera servers can be configured to check with an external authorization provider. This SOAP authorization mechanism can be useful to organizations requiring custom authorization rules. HTTP URL blank
Incoming External Provider SOAP Action The SOAP action required by the external authorization provider for incoming transfers. Required if External Authorization is enabled. text string blank
Outgoing Transfers The default setting of allow enables users to transfer from this computer. Setting this to deny will prevent transfers from this computer. When set to token, only transfers initiated with valid tokens will be allowed to transfer from this computer. Token-based transfers are typically employed by web applications such as Faspex and require a Token Encryption Key.
  • allow
  • deny
  • token
allow
Outgoing External Provider URL The value entered should be the URL of the external authorization provider for outgoing transfers. The default empty setting disables external authorization. Aspera servers can be configured to check with an external authorization provider. This SOAP authorization mechanism can be useful to organizations requiring custom authorization rules. HTTP URL blank
Outgoing External Provider Soap Action The SOAP action required by the external authorization provider for outgoing transfers. Required if External Authorization is enabled. text string blank
Token Encryption Cipher The cipher used to generate encrypted authorization tokens.
  • aes-128
  • aes-192
  • aes-256
aes-128
Token Encryption Key This is the secret text phrase that will be used to authorize those transfers configured to require token. Token generation is part of the Aspera SDK. See the Aspera Developer's Network (Token-based Authorization Topic) for more information. text string blank
Token Life (seconds) Sets token expiration for users of web-based transfer applications. positive integer 86400 (24 hrs)
Token Filename Hash Which algorithm should filenames inside transfer tokens be hashed with. Use MD5 for backward compatibility.
  • sha1
  • MD5
  • sha256
sha1
Strong Password Required for Content Encryption When set to true, require the password for content encryption to contain at least 6 characters, of which at least 1 is non-alphanumeric, at least 1 is a letter, and at least 1 is a digit.
  • true
  • false
false
Content Protection Secret Enable server-side encryption-at-rest (EAR) using the specified passphrase. Files uploaded to this server will be encrypted. Files downloaded will be decrypted. passphrase (none)
Content Protection Required Setting to true requires that content be left encrypted at the destination.
  • Users will be required on upload to enter a password to encrypt the files on the server.
  • Users will be given the option when downloading to decrypt during transfer.
  • true
  • false
false
Do encrypted transfers in FIPS-140-2-certified encryption mode When set to true, ascp will use a FIPS 140-2-certified encryption module. Note that when this feature is enabled, transfer start is delayed while the FIPS module is verified. Note: When you run ascp in FIPS mode (that is, <fips_enabled> is set to true in aspera.conf), and you use passphrase-protected SSH keys, you must either (1) use keys generated by running ssh-keygen in a FIPS-enabled system, or (2) convert existing keys to a FIPS-compatible format using a command such as the following:
openssl pkcs8 -topk8 -v2 aes128 -in id_rsa -out new-id_rsa
  • true
  • false
false
Encryption Allowed Describes the type of transfer encryption accepted by this computer. When set to any the computer allows both encrypted and non-encrypted transfers. When set to none the computer restricts transfers to non-encrypted transfers only. When set to aes-128 the computer restricts transfers to encrypted transfers only.
  • any
  • none
  • aes-128
any