Aspera® Shares™ supports Security Assertion Markup Language (SAML) 2.0, an open, XML-based standard that enables secure web domains to exchange user authentication and authorization data. With SAML, you can configure the Aspera Shares web application as a SAML online service provider (OSP) that contacts a separate online identity provider (IdP) to authenticate users who will use Aspera Shares to access secure content.
With SAML enabled and configured, a user logging into Aspera Shares is redirected to the IdP's sign-on URL. If the user has already signed in with the IdP, the IdP sends a SAML assertion back to Aspera Shares, and the user is then logged into Aspera Shares.
Note: If SAML is enabled, accessing links in emails that were sent from Shares 1.5 or earlier will send users to the SAML login page instead of the local user login page.
Note: When SAML is enabled, Aspera Shares creates a user account based on the information provided by a SAML response. Therefore, you do not need to create the Aspera Shares user account manually. However, SAML does not register any changes to the account made on the DS server.
These instructions assume that you have an IdP that meets the following requirements:
- Can use an HTTP POST binding.
- Can connect to the same directory service being used by Aspera Shares.
- Is not configured to use pseudonyms.
- Can return assertions to Aspera Shares that include the entire contents of the signing certificate.
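The following script is an added example, not part of the Aspera Shares product or its documentation. It takes a SAMLResponse as an HTTP POST binding delivers it (a base64-encoded XML document in a form field) and checks it against the IdP requirements listed above: the assertion carries the full signing certificate in ds:KeyInfo, the NameID is not a pseudonym (the SAML 2.0 transient and persistent formats), and the AudienceRestriction names the service provider. The entity IDs, URLs, user name and certificate text are constructed placeholders, and the sample response is built by the script itself. The script does not verify the XML signature; a SAML library is needed for that.

```python
"""Structural pre-flight check of a SAML 2.0 Response (added example, not Aspera code)."""
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# NameID formats that identify the user by a pseudonym rather than a stable, directory-backed name.
PSEUDONYM_FORMATS = {
    "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
TRANSIENT_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
UNSPECIFIED_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed placeholder for the service-provider entity ID (assumption, not a real deployment value).
SP_ENTITY_ID = "https://shares.example.com/saml/metadata"


def build_sample_response(name_id_format: str, include_cert: bool,
                          audience: str = SP_ENTITY_ID) -> str:
    """Construct a minimal SAML Response and base64-encode it as a POST binding would.

    The signature value and certificate text are placeholders; this is sample input only.
    """
    key_info = ""
    if include_cert:
        key_info = ("<ds:KeyInfo><ds:X509Data><ds:X509Certificate>"
                    "PLACEHOLDER-BASE64-CERTIFICATE"
                    "</ds:X509Certificate></ds:X509Data></ds:KeyInfo>")
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  xmlns:ds="{NS['ds']}" ID="_resp1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"
  Destination="https://shares.example.com/saml/consume">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Assertion ID="_assert1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
    <ds:Signature><ds:SignedInfo/><ds:SignatureValue>c2ln</ds:SignatureValue>{key_info}</ds:Signature>
    <saml:Subject><saml:NameID Format="{name_id_format}">alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()


def check_saml_response(saml_response_b64: str, expected_audience: str) -> dict:
    """Decode the POST-binding payload and report which IdP requirements the response satisfies."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    findings = {"has_signing_cert": False, "is_pseudonym": True,
                "audience_ok": False, "name_id": None}
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return findings

    # Prefer the assertion-level signature; fall back to a response-level one.
    sig = assertion.find("ds:Signature", NS)
    if sig is None:
        sig = root.find("ds:Signature", NS)
    if sig is not None:
        cert = sig.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        findings["has_signing_cert"] = cert is not None and bool((cert.text or "").strip())

    # A missing Format attribute means "unspecified", which is not a pseudonym format.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is not None:
        findings["name_id"] = (name_id.text or "").strip()
        findings["is_pseudonym"] = name_id.get("Format", UNSPECIFIED_FORMAT) in PSEUDONYM_FORMATS

    audiences = [a.text.strip() for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if a.text]
    findings["audience_ok"] = expected_audience in audiences
    return findings


def meets_requirements(findings: dict) -> bool:
    """True only if every checked requirement is satisfied."""
    return bool(findings["has_signing_cert"] and not findings["is_pseudonym"] and findings["audience_ok"])


if __name__ == "__main__":
    for label, payload in [("compliant", build_sample_response(EMAIL_FORMAT, True)),
                           ("pseudonym, no cert", build_sample_response(TRANSIENT_FORMAT, False))]:
        result = check_saml_response(payload, SP_ENTITY_ID)
        print(label, result, "OK" if meets_requirements(result) else "REJECT")
```

Run it as-is to see a compliant response accepted and a transient-NameID response without an embedded certificate rejected; to inspect a real IdP's output, pass the SAMLResponse form value captured from a test login in place of the constructed sample.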
Note: Do not enable SAML and DS together. Although a DS exists behind a SAML IdP, Aspera Shares users do have access to it. If Aspera Shares is being set up to use SAML, Aspera recommends the following:
- Disable DS sync.
- Remove existing DS users from the Aspera Shares system.
Note: If you log in as a SAML user, you are automatically added.