aspera.conf - Authorization configuration

The settings in the <authorization> section of aspera.conf include transfer permissions and token configuration. Tokens are used by Aspera web applications to authorize transfers between Aspera clients and servers.

About this task

Note: For security, deny incoming and outgoing transfers globally, then allow transfers by individual users, as needed.
Configuration methods: These instructions describe how to manually modify aspera.conf. You can also add and edit these parameters that use asconfigurator commands. For more information on using asconfigurator, see User, group, and default configurations. Run the following command to retrieve a complete default aspera.conf file that includes the asconfigurator syntax for each setting: 
$ /Library/Aspera/bin/asuserdata -+

Procedure

  1. Open aspera.conf from the following location:

    /Library/Aspera/etc/aspera.conf

  2. Add or locate the <authorization> section, as in the following example: 
    <authorization>
   <transfer>
      <in>
         <value>allow</value>       <!-- Incoming Transfer -->
         <external_provider>
            <url>...</url>   <!-- Incoming External Provider URL -->
            <soap>...</soap> <!-- Incoming External Provider SOAP Action -->
         </external_provider>
      </in>
      <out>
         <value>allow</value>       <!-- Outgoing Transfer -->
         <external_provider>
            <url>...</url>   <!-- Outgoing External Provider URL -->
            <soap>...</soap> <!-- Outgoing External Provider SOAP Action -->
         </external_provider>
      </out>
   </transfer>
   <token>
     <encryption_type>aes-128</encryption_type> <!-- Token Encryption Cipher -->
     <encryption_key> </encryption_key>         <!-- Token Encryption Key -->
     <filename_hash> </filename_hash>           <!-- Token Filename Hash -->
     <life_seconds>86400</life_seconds>         <!-- Token Life (seconds) -->
   </token>
</authorization>
  3. Edit settings as needed.
    Authorization settings reference
    Field Description Values Default
    Incoming Transfers

    allow - enable users to transfer to this computer.

    deny - prevents the transfers to this computer.

    token - allows only the transfers that were initiated with valid tokens to this computer. Token-based transfers are typically used by web applications such as IBM Aspera Faspex and IBM Aspera Shares and require a Token Encryption Key.

    		 allow, deny, or token allow
    Incoming External Provider URL Set the URL of the external authorization provider for incoming transfers. The default empty setting disables external authorization. Aspera® servers can be configured to check with an external authorization provider. This SOAP authorization mechanism can be useful to organizations that require custom authorization rules. Requires a value for Incoming External Provider SOAP Action. HTTP URL blank
    Incoming External Provider SOAP Action The SOAP action required by the external authorization provider for incoming transfers. Required if incoming external provider URL is set. text string blank
    Outgoing Transfers

    allow - enable users to transfer from this computer.

    deny - prevents the transfer from this computer.

    token - allows only the transfers that were initiated with valid tokens from this computer. Token based transfers are typically used by web applications such as IBM Aspera Faspex and IBM Aspera Shares and require a Token Encryption Key.

    		 allow, deny, or token allow
    Outgoing External Provider URL Set the URL of the external authorization provider for outgoing transfers. The default empty setting disables external authorization. HSTS can be configured to check with an external authorization provider. This SOAP authorization mechanism can be useful to organizations that requires custom authorization rules. Requires a value for Outgoing External Provider SOAP action. HTTP URL blank
    Outgoing External Provider Soap Action The SOAP action required by the external authorization provider for outgoing transfers. Required if Outgoing External Provider URL is set. text string blank
    Token Encryption Cipher Set the cipher used to generate encrypted transfer tokens. aes-128, aes-192, or aes-256 aes-128
    Token Encryption Key Set the secret text phrase that is used to authorize the transfers that are configured to require a token. For security, set a token encryption key of at least 20 random characters. For more information, see Require token authorization: Set in the GUI. text string blank
    Token Filename Hash Set the algorithm with which filenames inside transfer tokens should be hashed. Use MD5 for backward compatibility. sha1, md5, or sha-256 sha-256
    Token Life (seconds) Set the token expiration for users of web-based transfer applications. positive integer 86400 (24 hrs)
  4. Save and validate aspera.conf.
    Run the following command to confirm that the XML is correctly formatted and the parameter settings are valid: 
    $ /Library/Aspera/bin/asuserdata -v