Working with SAML |
IBM Aspera Shares supports Security Assertion Markup Language (SAML) 2.0, an XML-based standard that allows secure web domains to exchange user authentication and authorization data. With the SAML model, you can configure Shares as a SAML online service provider (SP) that contacts a separate online identity provider (IdP) to authenticate users. Authenticated users can then use Shares to access secure content.
With SAML enabled, Shares redirects a user to the IdP sign-on URL. The user signs in with the IdP and the IdP sends a SAML assertion back to Shares, which grants the user access to Shares. When a SAML user logs in to Shares for the first time, Shares automatically creates a new user account based on the information provided by the SAML response. Any changes subsequently made to the account on the DS server are not automatically picked up by Shares. For more information about user provisioning for SAML users, see User Accounts Provisioned by Just-In-Time (JIT) Provisioning.
To use SAML with Shares, you must already have an identity provider (IdP) that meets the following requirements:
Shares provides a mechanism for users to bypass the SAML redirect and log in using a local username and password. This feature allows admins to correct server settings, including a mis-configured SAML setup, without logging in through SAML.
To bypass the SAML login, add login?local=true to the end of the login URL. For example:https://198.51.100.48/login?local=true