/

ipsilon-server-install (1) Linux Manual Page

ByLinux Manual Posted on Updated on

NAME

ipsilon-server-install – Configure an Ipsilon Identity Provider instance

SYNOPSIS

ipsilon-server-install [OPTION]…

DESCRIPTION

Configure an Ipsilon instance to provide identity services using any of the supported and enabled protocols.

Ipsilon uses a plugable framework so some options may not be available, depending on what plugins have been installed.

Ipsilon supports three types of plugins:

1. Authentication provider plugins – implements an authentication protocol such as SAML 2, OpenID or Persona. At least one needs to be enabled.
2. Login plugins – mechanisms for authenticating including GSSAPI, LDAP, PAM, etc. At least one should be enabled.
3. Info plugins – sources where additional attributes of the user may be obtained.

There are also environment helper options which aid in configuring the Identity Provider for a particular environment, such as a FreeIPA domain.

The installation details are logged to /var/log/ipsilon-install.log.

DATABASES

Ipsilon stores configuration and session information in database tables. By default, a set of sqlite databases are used. If a full RDBMS is desired then the –database-url and/or *-dburi options can be used to provide the database URIs. This should probably be used in load-balanced situations so all servers can use the same database.

An example of a specific URI is
–users_dburi=postgresql://@dbserver.example.com:45432/users

The templatized version would be
–database-url=postgresql://@dbserver.example.com:45432/%(dbname)s

OPTIONS

BASIC OPTIONS

-h, –help

Show this help message and exit

–version

Show program’s version number and exit

-o LM_ORDER, –login-managers-order LM_ORDER

Comma separated list of login managers

–hostname HOSTNAME

The hostname used by clients to reach this instance. This is used to determine the URLs provided in SAML metadata

–instance INSTANCE

Ipsilon instance name

–system-user SYSTEM_USER

User account used to run the server

–admin-user ADMIN_USER

User account that is assigned Ipsilon admin privileges

–database-url DATABASE_URL

The (templatized) database URL to use

–secure

Boolean to turn on all security checks

–server-debugging

Enable debugging

–uninstall

Uninstall the server and all data

–yes

Always answer yes

–admin-dburi ADMIN_DBURI

Configuration database URI (override template)

–users-dburi USERS_DBURI

User configuration database URI (override template)

–transaction-dburi TRANSACTION_DBURI

Transaction database URI (override template)

AUTHENTICATION PROVIDER OPTIONS

–openid

Configure OpenID Provider

–openid-dburi OPENID_DBURI

OpenID database URI (override template)

–persona

Configure Persona Provider

–saml2

Configure SAML2 Provider

–saml2-metadata-validity SAML2_METADATA_VALIDITY

Metadata validity period in days (default – 1825)

LOGIN MANAGER OPTIONS

–form

Configure External Form authentication

–form-service FORM_SERVICE

PAM service name to use for authentication

–fas

Configure FAS (Fedora Authentication System) authentication

–ldap

Configure LDAP authentication

–ldap-server-url LDAP_SERVER_URL

LDAP Server Url

–ldap-bind-dn-template LDAP_BIND_DN_TEMPLATE

LDAP Bind DN Template

–ldap-tls-level LDAP_TLS_LEVEL

LDAP TLS level

–ldap-base-dn LDAP_BASE_DN

LDAP Base DN

–krb

Configure Kerberos authentication

–krb-httpd-keytab KRB_HTTPD_KEYTAB

Kerberos keytab location for HTTPD

–pam

Configure PAM authentication

–pam-service PAM_SERVICE

PAM service name to use for authentication

–testauth

Configure testing environment authentication

INFO PROVIDER OPTIONS

–info-ldap Use LDAP to populate user attrs

–info-ldap-server-url INFO_LDAP_SERVER_URL

LDAP Server Url

–info-ldap-bind-dn INFO_LDAP_BIND_DN

LDAP Bind DN

–info-ldap-bind-pwd INFO_LDAP_BIND_PWD

LDAP Bind Password

–info-ldap-user-dn-template INFO_LDAP_USER_DN_TEMPLATE

LDAP User DN Template

–info-ldap-base-dn INFO_LDAP_BASE_DN

LDAP Base DN

–info-nss

Use passwd data to populate user attrs

–info-sssd

Use mod_lookup_identity and SSSD to populate user attrs. SSSD must be pre-configured for at least one domain.

–info-sssd-domain INFO_SSSD_DOMAIN

SSSD domain to enable mod_lookup_identity for (default is all)

ENVIRONMENT HELPER OPTIONS

–ipa Helper for IPA joined machines. This configures Ipsilon for Kerberos authentication.

EXIT STATUS

0 if the installation was successful

1 if an error occurred

SEE ALSO

ipsilon(7), ipsilon-client-install(1)

Index

Leave a Reply

Your email address will not be published. Required fields are marked *