Configuring Your Identity Provider (IdP)
IdP Requirements
To use SAML with IBM Aspera Faspex, you must already have an identity provider (IdP) that meets the following requirements:
- Supports SAML 2.0
- Able to use an HTTP POST Binding.
- Able to connect to the same directory service that IBM Aspera Faspex uses.
- Not configured to use pseudonyms.
- Can return assertions to IBM Aspera Faspex that include the entire contents of the signing certificate.
- If prompted, set to sign the SAML response. (Signing the SAML assertion is optional.)
IdP Metadata Formats
You must configure the following formats to set up your IdP to work with IBM Aspera Faspex:

Tag | Format |
---|---|
NameID Format | Faspex supports the following formats: |
Entity ID | https://faspex_ip/aspera/faspex/auth/saml/metadata/saml_id |
Binding | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST |
Callback URL | https://faspex_ip/aspera/faspex/auth/saml/callback?id=saml_id |
If the IdP is capable of reading SAML XML metadata for a service provider, you can upload a saved XML metadata file to configure the IdP. You can retrieve the XML metadata for an existing IBM Aspera Faspex by going to https://server_ip/aspera/faspex/auth/saml/metadata/saml_id and saving the XML as an XML file.
Note: The saml_id specifies the SAML configuration. For example, in the case of multiple SAML configurations, the first configuration is associated with the SAML ID "1", the next configuration "2", and so on.
SAML Assertion Requirements
IBM Aspera Faspex expects assertions from an IdP to contain the following elements:

Default Attribute | IBM Aspera Faspex User Field | Required |
---|---|---|
NameID / SAML_SUBJECT | Username | Yes, with the format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
 | Email address | Yes |
given_name | First name | Yes |
surname | Last name | Optional |
member_of | SAML group | Necessary for SAML groups |
Tip: You can configure the IBM Aspera Faspex user fields to map to different attributes in the IBM Aspera Faspex SAML configuration settings.
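As an added example (not part of the IBM documentation or the Faspex product), the following Python check parses a captured SAML response and reports which of the requirements listed above it fails to meet: a signed response whose signature carries the signing certificate, a NameID in the unspecified format, and the default given_name attribute. It assumes the attribute names are at their Faspex defaults, checks only that the signature elements are present (it does not verify the signature cryptographically), and skips the e-mail attribute because its default name is not listed on this page; the sample response is constructed.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REQUIRED_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
REQUIRED_ATTRS = ("given_name",)  # assumed default Faspex attribute names


def check_faspex_assertion(response_xml):
    """Return a list of problems; an empty list means the listed requirements are met."""
    problems = []
    root = ET.fromstring(response_xml)
    # The response must be signed and the signature must carry the full signing certificate.
    # Presence only: cryptographic verification is out of scope for this check.
    sig = root.find("ds:Signature", NS)
    if sig is None:
        problems.append("Response is not signed")
    else:
        cert = sig.find(".//ds:X509Certificate", NS)
        if cert is None or not (cert.text or "").strip():
            problems.append("Signature does not include the signing certificate")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["No Assertion element"]
    # NameID becomes the Faspex username and must use the unspecified format.
    nameid = assertion.find("saml:Subject/saml:NameID", NS)
    if nameid is None or not (nameid.text or "").strip():
        problems.append("Missing NameID (username)")
    elif nameid.get("Format") != REQUIRED_NAMEID_FORMAT:
        problems.append("NameID Format is %r, expected %r" % (nameid.get("Format"), REQUIRED_NAMEID_FORMAT))
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    for name in REQUIRED_ATTRS:
        if not attrs.get(name):
            problems.append("Missing required attribute %s" % name)
    return problems


# Constructed sample response (placeholder certificate, not a real IdP artifact).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1" Version="2.0">
  <ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIC...placeholder...</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="given_name"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="surname"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="member_of"><saml:AttributeValue>faspex-users</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
```

Running `check_faspex_assertion(SAMPLE_RESPONSE)` on the sample returns an empty list; feeding it a response captured from your own IdP shows which of the listed requirements still need attention before enabling SAML in Faspex.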