Working with SAML
The following instructions to configure SAML for IBM Aspera Shares assume that you have an IdP that meets the following requirements:
You must set the following information to set up your Identity Provider to work with Shares:
Setting | Value |
---|---|
Name ID Format | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
Entity ID | https://shares.example.com/auth/saml/metadata |
Binding | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST |
Callback URL | https://shares.example.com/auth/saml/callback |
If the IdP can import SAML XML metadata for a service provider, you can retrieve these values directly from the Shares auth/saml/metadata endpoint instead of entering them by hand.
Shares expects assertion messages from an IdP to contain the following elements:
Element | Required? | Format |
---|---|---|
SAML_SUBJECT | Yes | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
 | Yes | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
given_name | Yes | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
id | Yes | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
surname | Yes | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
NameID | Yes | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
member_of | Necessary for SAML groups | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
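When a SAML login fails, the quickest check is whether the IdP's assertion actually carries what the tables above require. The following script is an added example, not IBM's code: it parses a constructed sample assertion with the standard library and reports any missing element (a NameID in the unspecified format, given_name, id, surname, and member_of when SAML groups are used), and also confirms the assertion's Audience is the Shares entity ID. The entity ID, IdP name and attribute values are assumed sample values; signature and timestamp validation are left to the SP library.

```python
# Added example (not IBM's code): parse a SAML 2.0 assertion with the standard
# library and report anything missing from the element list on this page.
# Signature/timestamp checks are left to the SP library; all values are constructed.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
ENTITY_ID = "https://shares.example.com/auth/saml/metadata"  # Shares SP entity ID (sample)
REQUIRED_ATTRS = ("given_name", "id", "surname")
GROUP_ATTR = "member_of"  # only needed when SAML groups are used

# Constructed sample assertion that satisfies every requirement in the table
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_sample1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.org/</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://shares.example.com/auth/saml/metadata</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="given_name"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="id"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="surname"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="member_of"><saml:AttributeValue>shares-admins</saml:AttributeValue><saml:AttributeValue>uploaders</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, want_groups=True):
    """Return a list of problems; an empty list means the Shares requirements are met."""
    root = ET.fromstring(xml_text)
    problems = []
    # NameID must be present and use the 'unspecified' format
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("missing NameID")
    elif name_id.get("Format") != NAMEID_FORMAT:
        problems.append("NameID Format is %r, expected %r" % (name_id.get("Format"), NAMEID_FORMAT))
    # The assertion must be addressed to this SP, i.e. carry its entity ID as Audience
    audiences = [a.text for a in root.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if ENTITY_ID not in audiences:
        problems.append("Audience does not include the Shares entity ID")
    # Collect attributes by name; each required one must carry a non-empty value
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS) if v.text]
             for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)}
    for name in REQUIRED_ATTRS:
        if not attrs.get(name):
            problems.append("missing required attribute %s" % name)
    if want_groups and not attrs.get(GROUP_ATTR):
        problems.append("missing %s (needed for SAML groups)" % GROUP_ATTR)
    return problems
```

Run it against a decoded assertion captured from the browser's SAML response to see exactly which element the IdP is not sending.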