Authorization

To set the Authorization configuration options, including connection permissions, token key, and encryption requirements, click Configuration and modify the values on the Global and Users tabs under their respective Authorization tabs. Select Override in an option's row to set an effective value.

Bring up the Authorization configuration options in the Server Configuration window.

The following table lists all configuration options on the Authorization tab:

Setting: Incoming Transfers
Description: To enable users to transfer to this computer, leave the default setting of allow. Set to deny to prevent transfers to this computer. Set to token to allow only transfers initiated with valid tokens to this computer. Token-based transfers are typically used by web applications such as Faspex and require a Token Encryption Key.
Values: allow, deny, or token
Default: allow

Setting: Incoming External Provider URL
Description: Set the URL of the external authorization provider for incoming transfers. The default empty setting disables external authorization. Aspera servers can be configured to check with an external authorization provider. This SOAP authorization mechanism can be useful to organizations requiring custom authorization rules. Requires a value for Incoming External Provider SOAP Action.
Values: HTTP URL
Default: blank

Setting: Incoming External Provider SOAP Action
Description: The SOAP action required by the external authorization provider for incoming transfers. Required if External Authorization is enabled.
Values: text string
Default: blank

Setting: Outgoing Transfers
Description: To enable users to transfer from this computer, leave the default setting of allow. Set to deny to prevent transfers from this computer. Set to token to allow only transfers initiated with valid tokens from this computer. Token-based transfers are typically used by web applications such as Faspex and require a Token Encryption Key.
Values: allow, deny, or token
Default: allow

Setting: Outgoing External Provider URL
Description: Set the URL of the external authorization provider for outgoing transfers. The default empty setting disables external authorization. Aspera servers can be configured to check with an external authorization provider. This SOAP authorization mechanism can be useful to organizations requiring custom authorization rules. Requires a value for Outgoing External Provider Soap Action.
Values: HTTP URL
Default: blank

Setting: Outgoing External Provider Soap Action
Description: The SOAP action required by the external authorization provider for outgoing transfers. Required if External Authorization is enabled.
Values: text string
Default: blank

Setting: Token Encryption Cipher
Description: Set the cipher used to generate encrypted authorization tokens.
Values: aes-128, aes-192, or aes-256
Default: aes-128

Setting: Token Encryption Key
Description: Set the secret text phrase that will be used to authorize those transfers configured to require token. Aspera recommends setting a token encryption key of at least 20 random characters. For more information, see Configuring Token Authorization from the GUI.
Values: text string
Default: blank

Setting: Token Life (seconds)
Description: Set the token expiration for users of web-based transfer applications.
Values: positive integer
Default: 86400 (24 hrs)

Setting: Token Filename Hash
Description: Set the algorithm with which filenames inside transfer tokens should be hashed. Use MD5 for backward compatibility.
Values: sha1, md5, or sha-256
Default: sha-256

Setting: Strong Password Required for Content Encryption
Description: Set to true to require the password for content encryption to contain at least 6 characters, of which at least 1 is non-alphanumeric, at least 1 is a letter, and at least 1 is a digit.
Values: true or false
Default: false

Setting: Content Protection Secret
Description: Enable server-side encryption-at-rest (EAR) using the specified passphrase. Files uploaded to this server will be encrypted. Files downloaded will be decrypted.
Values: passphrase
Default: (none)

Setting: Content Protection Required
Description: Set to true to require that content be left encrypted at the destination.
  • Users are required to enter a password during upload to encrypt the files on the server.
  • Users will be given the option when downloading to decrypt during transfer.
Values: true or false
Default: false

Setting: Do encrypted transfers in FIPS-140-2-certified encryption mode
Description: Set to true for ascp to use a FIPS 140-2-certified encryption module. When enabled, transfer start is delayed while the FIPS module is verified.

When you run ascp in FIPS mode (that is, <fips_enabled> is set to true in aspera.conf), and you use passphrase-protected SSH keys, you must use keys generated by running ssh-keygen in a FIPS-enabled system, or convert existing keys to a FIPS-compatible format using a command such as the following:

    openssl pkcs8 -topk8 -v2 aes128 -in id_rsa -out new-id_rsa

Important: When set to true, all ciphers and hash algorithms that are not FIPS compliant will abort transfers.
Values: true or false
Default: false

Setting: Encryption Allowed
Description: Set the type of transfer encryption accepted by this computer. Set to any to allow both encrypted and non-encrypted transfers to this computer. Set to none to allow only non-encrypted transfers. Set to aes-128 to allow only encrypted transfers.
Values: any, none, aes-128, aes-192, or aes-256
Default: any
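
The dependencies and recommendations in the table above can be checked mechanically before a configuration is applied. The following is an added example, not Aspera code: it assumes the effective values have been copied by hand into a dictionary keyed by the option names shown in the table, and the function names and the sample values (including the example.invalid URL) are constructed for illustration.

```python
import secrets
import string

# Constructed sample: option names from the table mapped to effective values.
SAMPLE = {
    "Incoming Transfers": "token",
    "Incoming External Provider URL": "https://authz.example.invalid/soap",
    "Incoming External Provider SOAP Action": "",
    "Token Encryption Key": "changeme",
    "Token Filename Hash": "md5",
    "Encryption Allowed": "any",
}

def strong_content_password(pw):
    """Rule stated for Strong Password Required for Content Encryption."""
    return (len(pw) >= 6 and any(c.isalpha() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))

def new_token_key(length=20):
    """Random key from a CSPRNG, never shorter than the recommended 20 characters."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(max(length, 20)))

def audit(settings):
    """Return findings for option combinations the table marks as required or weak."""
    cfg = {k.lower(): v for k, v in settings.items()}  # table mixes 'SOAP'/'Soap'
    key = cfg.get("token encryption key", "")
    findings = []
    for side in ("incoming", "outgoing"):
        if cfg.get(f"{side} transfers", "allow") == "token" and not key:
            findings.append(f"{side}: token transfers need a Token Encryption Key")
        url = cfg.get(f"{side} external provider url", "")
        if url and not cfg.get(f"{side} external provider soap action", ""):
            findings.append(f"{side}: External Provider URL set without a SOAP Action")
    if key and len(key) < 20:
        findings.append("Token Encryption Key is shorter than 20 characters")
    if cfg.get("token filename hash", "sha-256") == "md5":
        findings.append("Token Filename Hash is md5 (backward compatibility only)")
    if cfg.get("encryption allowed", "any") in ("any", "none"):
        findings.append("Encryption Allowed accepts non-encrypted transfers")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print("FINDING:", line)
```

Options missing from the dictionary are treated as being at the defaults listed in the table, so an empty dictionary still reports the default Encryption Allowed value of any.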