The settings in the <authorization> section of
aspera.conf include transfer permissions and token configuration.
Tokens are used by Aspera web applications to authorize transfers between Aspera clients and
servers.
Note: For security, Aspera recommends denying incoming and outgoing transfers
globally, then allowing transfers by individual users, as needed. For a compilation of
server security best practices, see
Aspera Ecosystem Security Best Practices.
Configuration methods: These instructions describe how
to manually modify
aspera.conf. You can also add and edit these
parameters using
asconfigurator commands. For more information on
using
asconfigurator, see
User, Group and Default Configurations and run
the following command to retrieve a complete default
aspera.conf that includes the
asconfigurator syntax for each
setting:
# /opt/aspera/bin/asuserdata -+
-
Open aspera.conf from the following location:
/opt/aspera/etc/aspera.conf
-
Add or locate the <authorization> section, as in the following
example:
<authorization>
<transfer>
<in>
<value>allow</value> <!-- Incoming Transfer -->
<external_provider>
<url>...</url> <!-- Incoming External Provider URL -->
<soap>...</soap> <!-- Incoming External Provider SOAP Action -->
</external_provider>
</in>
<out>
<value>allow</value> <!-- Outgoing Transfer -->
<external_provider>
<url>...</url> <!-- Outgoing External Provider URL -->
<soap>...</soap> <!-- Outgoing External Provider SOAP Action -->
</external_provider>
</out>
</transfer>
<token>
<encryption_type>aes-128</encryption_type> <!-- Token Encryption Cipher -->
<encryption_key> </encryption_key> <!-- Token Encryption Key -->
<filename_hash> </filename_hash> <!-- Token Filename Hash -->
<life_seconds>86400</life_seconds> <!-- Token Life (seconds) -->
</token>
</authorization>
-
Edit settings as needed.
Authorization Settings Reference
| Field |
Description |
Values |
Default |
| Incoming Transfers |
To enable users to transfer to this computer, leave the default setting of
allow. Set to deny to prevent transfers to this
computer. Set to token to allow only transfers initiated with valid
tokens to this computer. Token-based transfers are typically used by web
applications such as IBM Aspera Faspex and IBM Aspera Shares and require a Token Encryption Key. |
allow, deny, or token |
allow |
| Incoming External Provider URL |
Set the URL of the external authorization provider for incoming
transfers. The default empty setting disables external authorization. Aspera
servers can be configured to check with an external authorization provider.
This SOAP authorization mechanism can be useful to organizations requiring
custom authorization rules. Requires a value for Incoming External Provider
SOAP Action. |
HTTP URL |
blank |
| Incoming External Provider SOAP Action |
The SOAP action required by the external authorization provider for incoming
transfers. Required if Incoming External Provider URL is set. |
text string |
blank |
| Outgoing Transfers |
To enable users to transfer from this computer, leave the default setting of
allow. Set to deny to prevent transfers from this
computer. Set to token to allow only transfers initiated with valid
tokens from this computer. Token-based transfers are typically used by web
applications such as Faspex and require a Token Encryption Key. |
allow, deny, or token |
allow |
| Outgoing External Provider URL |
Set the URL of the external authorization provider for outgoing transfers. The default
empty setting disables external authorization. HST Server can be
configured to check with an external authorization provider. This SOAP
authorization mechanism can be useful to organizations requiring custom
authorization rules. Requires a value for Outgoing External Provider Soap
Action. |
HTTP URL |
blank |
| Outgoing External Provider Soap Action |
The SOAP action required by the external authorization provider for outgoing
transfers. Required if Outgoing External Provider URL is set. |
text string |
blank |
| Token Encryption Cipher |
Set the cipher used to generate encrypted transfer tokens. |
aes-128, aes-192, or aes-256 |
aes-128 |
| Token Encryption Key |
Set the secret text phrase that is used to authorize those transfers
configured to require token. Aspera recommends setting a token encryption
key of at least 20 random characters. For more information, see Require Token Authorization: Set in the GUI or Require Token Authorization: Set from the Command Line. |
text string |
blank |
| Token Filename Hash |
Set the algorithm with which filenames inside transfer tokens should be hashed. Use
MD5 for backward compatibility. |
sha1, md5, or sha-256 |
sha-256 |
| Token Life (seconds) |
Set the token expiration for users of web-based transfer applications. |
positive integer |
86400 (24 hrs) |
-
Save and validate aspera.conf.
Run the following command to confirm that the XML is correctly formatted and
the parameter settings are
valid:
# /opt/aspera/bin/asuserdata -v