Working with SAML |
The following instructions to configure SAML for IBM Aspera Faspex on Demand assume that you have an IdP that meets the following requirements:
You must set the following information to set up your Identity Provider to work with Faspex on Demand:
Name ID Format | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
Entity ID | https://www.our-faspex-server.com/aspera/faspex/auth/saml/metadata |
Binding | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST |
Callback URL | https://www.our-faspex-server.com/aspera/faspex/auth/saml/callback |
You can retrieve this data directly from auth/saml/metadata if the IdP is capable of reading SAML XML metadata for a service provider.
Faspex on Demand expects assertion messages from an IdP to contain the following elements:
Element | Required? | Format |
---|---|---|
SAML_SUBJECT | yes | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
yes | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified | |
given_name | yes | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
id | yes | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
surname | yes | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |