Aspera

Aspera

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

How To: SAML Configuration in Faspex 5.x

By Anya Behn posted Thu May 25, 2023 12:42 AM

  

Hi! 

Here is how to configure SAML (with your idp provider) to talk to Faspex 5.x.

Here is the IBM Aspera SAML documentation:
https://www.ibm.com/docs/en/aspera-faspex/5.0.5?topic=saml-creating-new-configuration-in-faspex

Below is the specific template configuration for Okta, to give you a specific example

SAML Configuration for Faspex 5 with Okta as your Identity Provider (also known as your IDP).

Below, angle brackets  <xyz> indicate a variable specific to your customer configuration.

 

SSO URL:   https://<faspex.domain.com>/aspera/faspex/api/v5/samls/<ID>/callback (can be the same for recipient and destination.)

Audience URI (SP Entity ID): https://<beta.faspex5.com>/aspera/faspex/api/v5/samls/<35>/saml_metadata

[Note: these are names for the same thing]

Audience Restriction:  https://<faspex.domain.com/aspera/faspex/api/v5/samls/<ID>/saml_metadata

 

Default Relay State: 

Note: If you have a custom UI, then the Relay field is not blank.

Have the custom ui use the API to faspex backend, then api redirects to Faspex 5 ui.

 

Name id format: unspecified

Application username: okta username (or okta username prefix)—depends on your configuration.

Update application username on : Create and update

 screenshot from Okta SAML configuration screen on okta.com (your developer login)

Above, “Okta-Group” is whatever groups you have defined in your specific setup.

 

Here is a browser extension tool that may be helpful for debugging:

SAML-tracer — you can give the response from that to our Aspera support team.

 

Note: The Admin adding the SAML configuration to Faspex5 needs to be a member of the named “Okta-Group”.
#okta 
#setup 
#configuration 
#SAML #Aspera  #faspex5

0 comments
14 views

Permalink