Asana general instructions are at https://asana.com/guide/help/premium/premium-organizations#gl-saml. Unfortunately, their manual config instructions are an outdated google doc with screenshots of how to configure ADFS. Here's the info you need for Shibboleth:

EntityID is https://app.asana.com/

Send the user's email address as the NameID using

urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

Asana does not support encrypting assertions or responses – don't try it
In Asana, configure the HTTP-Redirect URL as the sign-on URL

Here's metadata for Asana since they don't provide any.

SP Metadata

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://app.asana.com/">
        <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
                <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
                <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://app.asana.com/-/saml/consume" index="0"/>
        </md:SPSSODescriptor>
</md:EntityDescriptor>

Browser not supported