Aspera

 View Only

How To: SAML Configuration in Faspex 5.x

By Anya Behn posted Thu May 25, 2023 12:42 AM

  

Hi! 

Here is how to configure SAML (with your idp provider) to talk to Faspex 5.x.

Here is the IBM Aspera SAML documentation:
https://www.ibm.com/docs/en/aspera-faspex/5.0.5?topic=saml-creating-new-configuration-in-faspex

Below is the specific template configuration for Okta, to give you a specific example

SAML Configuration for Faspex 5 with Okta as your Identity Provider (also known as your IDP).

Below, angle brackets  <xyz> indicate a variable specific to your customer configuration.

 

SSO URL:   https://<faspex.domain.com>/aspera/faspex/api/v5/samls/<ID>/callback (can be the same for recipient and destination.)

Audience URI (SP Entity ID): https://<beta.faspex5.com>/aspera/faspex/api/v5/samls/<35>/saml_metadata

[Note: these are names for the same thing]

Audience Restriction:  https://<faspex.domain.com/aspera/faspex/api/v5/samls/<ID>/saml_metadata

 

Default Relay State: 

Note: If you have a custom UI, then the Relay field is not blank.

Have the custom ui use the API to faspex backend, then api redirects to Faspex 5 ui.

 

Name id format: unspecified

Application username: okta username (or okta username prefix)—depends on your configuration.

Update application username on : Create and update

 screenshot from Okta SAML configuration screen on okta.com (your developer login)

Above, “Okta-Group” is whatever groups you have defined in your specific setup.

 

Here is a browser extension tool that may be helpful for debugging:

SAML-tracer — you can give the response from that to our Aspera support team.

 

Note: The Admin adding the SAML configuration to Faspex5 needs to be a member of the named “Okta-Group”.
#okta 
#setup 
#configuration 
#SAML #Aspera  #faspex5

0 comments
12 views

Permalink