Shibboleth 2CommercialInteropAsana

The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.

Asana

Owned by David Langenberg
Last updated: Jul 01, 2015

Asana general instructions are at https://asana.com/guide/help/premium/premium-organizations#gl-saml.  Unfortunately, their manual config instructions are an outdated google doc with screenshots of how to configure ADFS.  Here's the info you need for Shibboleth:

 

  1. EntityID is https://app.asana.com/
  2. Send the user's email address as the NameID using 
    urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

  3. Asana does not support encrypting assertions or responses – don't try it

  4. In Asana, configure the HTTP-Redirect URL as the sign-on URL

 

Here's metadata for Asana since they don't provide any.

 

SP Metadata
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://app.asana.com/">
        <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
                <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
                <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://app.asana.com/-/saml/consume" index="0"/>
        </md:SPSSODescriptor>
</md:EntityDescriptor>