Identity provider (IdP) requirements
IdP requirements
Make sure your IdP meets these requirements:
- Supports SAML 2.0
- Able to use an HTTP POST Binding
- Not configured to use pseudonyms
- Can return assertions to Faspex that include the entire contents of the signing certificate
- If prompted, set to sign the SAML response
Uploading a Faspex SAML configuration metadata file to configure the IdP
If the IdP is capable of reading SAML XML metadata for a service provider, you can upload a saved XML metadata file to configure the IdP.
To access the XML metadata:
- Go to Server > Authentication > SAML.
- Right-click the SAML configuration and select Metadata from the overflow menu.
IdP metadata tags
Configure IdP tags for Faspex:
Tag | Format |
---|---|
NameID Format | Supported formats: |
Entity ID | https://faspex_ip/aspera/faspex/api/v5/samls/saml_id/saml_metadata |
Binding | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST |
Callback URL | https://faspex_ip/aspera/faspex/api/v5/samls/saml_id/callback |
SAML assertion requirements
Faspex expects the assertion from an IdP to contain the following elements:
Default Attribute | Faspex User Field | Required |
---|---|---|
NameID | Username | Yes |
 | Email address | Yes |
given_name | First name | Yes |
surname | Last name | Optional |
member_of | SAML group | Necessary for SAML groups |
Note: Some IdPs may refer to the NameID attribute as SAML_SUBJECT.
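A pre-flight check for the requirements above, as an added example (not IBM or Faspex code): it inspects a captured SAML response for a signature that embeds the signing certificate, a usable NameID, and the attributes from the table. The sample response, the `email` attribute name (the page does not give it), and treating a transient NameID as the pseudonym case are assumptions.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Assumption: a transient NameID is treated here as the "pseudonym" case.
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

def check_response(xml_text, email_attr="email", need_groups=False):
    """List structural problems. Does NOT verify the XML signature.
    email_attr is a placeholder: the page does not name that attribute."""
    root, problems = ET.fromstring(xml_text), []
    # The response must be signed and carry the whole signing certificate.
    cert = root.find(".//ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if root.find(".//ds:Signature", NS) is None:
        problems.append("no ds:Signature: IdP is not signing")
    elif cert is None or not (cert.text or "").strip():
        problems.append("signature has no embedded X509Certificate")
    else:
        try:
            der = base64.b64decode("".join(cert.text.split()), validate=True)
        except ValueError:
            der = b""
        if not der.startswith(b"\x30"):  # DER certificate begins with SEQUENCE
            problems.append("X509Certificate is not base64-encoded DER")
    # NameID maps to the Faspex username, so it must be present and stable.
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("missing NameID")
    elif name_id.get("Format") == TRANSIENT:
        problems.append("NameID is transient")
    # Collect attribute values by name and check the required ones.
    attrs = {a.get("Name"): [v.text or "" for v in a.findall("saml:AttributeValue", NS)]
             for a in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS)}
    for name in ["given_name", email_attr] + (["member_of"] if need_groups else []):
        if not any(v.strip() for v in attrs.get(name, [])):
            problems.append(f"missing attribute {name}")
    return problems

# Constructed sample; the certificate value is a placeholder, not a real one.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIBc2FtcGxl</ds:X509Certificate>
</ds:X509Data></ds:KeyInfo></ds:Signature><saml:Assertion><saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID>
</saml:Subject><saml:AttributeStatement>
<saml:Attribute Name="given_name"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></samlp:Response>"""
print(check_response(SAMPLE) or "structure OK")
```

Pass `need_groups=True` when SAML groups are in use so a missing `member_of` attribute is reported. Run it only on responses captured from your own IdP during setup.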