ipsilon-server-install(1) Ipsilon Manual Pages ipsilon-server-install(1)

NAME

ipsilon-server-install - Configure an Ipsilon Identity Provider instance

SYNOPSIS

ipsilon-server-install [OPTION]...

DESCRIPTION

Configure an Ipsilon instance to provide identity services using any of the supported and enabled protocols.

Ipsilon uses a pluggable framework, so some options may not be available, depending on which plugins have been installed.

Ipsilon supports three types of plugins:

1. Authentication provider plugins - implement an authentication protocol such as SAML 2, OpenID or Persona. At least one needs to be enabled.
2. Login plugins - mechanisms for authenticating, including GSSAPI, LDAP, PAM, etc. At least one should be enabled.
3. Info plugins - sources where additional attributes of the user may be obtained.

There are also environment helper options which aid in configuring the Identity Provider for a particular environment, such as a FreeIPA domain.

The installation details are logged to /var/log/ipsilon-install.log.

DATABASES

Ipsilon stores configuration and session information in database tables. By default, a set of SQLite databases is used. If a full RDBMS is desired, the --database-url and/or *-dburi options can be used to provide the database URIs. This should probably be used in load-balanced situations so all servers can use the same database.

An example of a specific URI is
--users_dburi=postgresql://@dbserver.example.com:45432/users

The templatized version would be
--database-url=postgresql://@dbserver.example.com:45432/%(dbname)s

OPTIONS

BASIC OPTIONS

Show this help message and exit
Show program's version number and exit
Comma separated list of login managers
The hostname used by clients to reach this instance. This is used to determine the URLs provided in SAML metadata
Ipsilon instance name
User account used to run the server
User account that is assigned Ipsilon admin privileges
The (templatized) database URL to use
Boolean to turn on all security checks
Enable debugging
Uninstall the server and all data
Always answer yes
Configuration database URI (override template)
User configuration database URI (override template)
Transaction database URI (override template)

AUTHENTICATION PROVIDER OPTIONS

Configure OpenID Provider
OpenID database URI (override template)
Configure Persona Provider
Configure SAML2 Provider
Metadata validity period in days (default - 1825)

LOGIN MANAGER OPTIONS

Configure External Form authentication
PAM service name to use for authentication
Configure FAS (Fedora Authentication System) authentication
Configure LDAP authentication
LDAP Server Url
LDAP Bind DN Template
LDAP TLS level
LDAP Base DN
Configure Kerberos authentication
Kerberos keytab location for HTTPD
Configure PAM authentication
PAM service name to use for authentication
Configure testing environment authentication

INFO PROVIDER OPTIONS

--info-ldap Use LDAP to populate user attrs

LDAP Server Url
LDAP Bind DN
LDAP Bind Password
LDAP User DN Template
LDAP Base DN
Use passwd data to populate user attrs
Use mod_lookup_identity and SSSD to populate user attrs. SSSD must be pre-configured for at least one domain.
SSSD domain to enable mod_lookup_identity for (default is all)

ENVIRONMENT HELPER OPTIONS

--ipa Helper for IPA joined machines. This configures Ipsilon for Kerberos authentication.

EXIT STATUS

0 if the installation was successful

1 if an error occurred

SEE ALSO

ipsilon(7), ipsilon-client-install(1)

1.0.0 Ipsilon