table of contents
ipsilon-server-install(1) | Ipsilon Manual Pages | ipsilon-server-install(1) |
NAME¶
ipsilon-server-install - Configure an Ipsilon Identity Provider instance
SYNOPSIS¶
ipsilon-server-install [OPTION]...
DESCRIPTION¶
Configure an Ipsilon instance to provide identity services using any of the supported and enabled protocols.
Ipsilon uses a plugable framework so some options may not be available, depending on what plugins have been installed.
Ipsilon supports three types of plugins:
1. Authentication provider plugins - implements an authentication
protocol such as SAML 2, OpenID or Persona. At least one needs to be
enabled.
2. Login plugins - mechanisms for authenticating including GSSAPI, LDAP, PAM,
etc. At least one should be enabled.
3. Info plugins - sources where additional attributes of the user may be
obtained.
There are also environment helper options which aid in configuring the Identity Provider for a particular environment, such as a FreeIPA domain.
The installation details are logged to /var/log/ipsilon-install.log.
DATABASES¶
Ipsilon stores configuration and session information in database tables. By default, a set of sqlite databases are used. If a full RDBMS is desired then the --database-url and/or *-dburi options can be used to provide the database URIs. This should probably be used in load-balanced situations so all servers can use the same database.
An example of a specific URI is
--users_dburi=postgresql://@dbserver.example.com:45432/users
The templatized version would be
--database-url=postgresql://@dbserver.example.com:45432/%(dbname)s
OPTIONS¶
BASIC OPTIONS¶
- -h, --help
- Show this help message and exit
- --version
- Show program's version number and exit
- -o LM_ORDER, --login-managers-order LM_ORDER
- Comma separated list of login managers
- --hostname HOSTNAME
- The hostname used by clients to reach this instance. This is used to determine the URLs provided in SAML metadata
- --instance INSTANCE
- Ipsilon instance name
- --system-user SYSTEM_USER
- User account used to run the server
- --admin-user ADMIN_USER
- User account that is assigned Ipsilon admin privileges
- --database-url DATABASE_URL
- The (templatized) database URL to use
- --secure
- Boolean to turn on all security checks
- --server-debugging
- Enable debugging
- --uninstall
- Uninstall the server and all data
- --yes
- Always answer yes
- --admin-dburi ADMIN_DBURI
- Configuration database URI (override template)
- --users-dburi USERS_DBURI
- User configuration database URI (override template)
- --transaction-dburi TRANSACTION_DBURI
- Transaction database URI (override template)
AUTHENTICATION PROVIDER OPTIONS¶
- --openid
- Configure OpenID Provider
- --openid-dburi OPENID_DBURI
- OpenID database URI (override template)
- --persona
- Configure Persona Provider
- --saml2
- Configure SAML2 Provider
- --saml2-metadata-validity SAML2_METADATA_VALIDITY
- Metadata validity period in days (default - 1825)
LOGIN MANAGER OPTIONS¶
- --form
- Configure External Form authentication
- --form-service FORM_SERVICE
- PAM service name to use for authentication
- --fas
- Configure FAS (Fedora Authentication System) authentication
- --ldap
- Configure LDAP authentication
- --ldap-server-url LDAP_SERVER_URL
- LDAP Server Url
- --ldap-bind-dn-template LDAP_BIND_DN_TEMPLATE
- LDAP Bind DN Template
- --ldap-tls-level LDAP_TLS_LEVEL
- LDAP TLS level
- --ldap-base-dn LDAP_BASE_DN
- LDAP Base DN
- --krb
- Configure Kerberos authentication
- --krb-httpd-keytab KRB_HTTPD_KEYTAB
- Kerberos keytab location for HTTPD
- --pam
- Configure PAM authentication
- --pam-service PAM_SERVICE
- PAM service name to use for authentication
- --testauth
- Configure testing environment authentication
INFO PROVIDER OPTIONS¶
--info-ldap Use LDAP to populate user attrs
- --info-ldap-server-url INFO_LDAP_SERVER_URL
- LDAP Server Url
- --info-ldap-bind-dn INFO_LDAP_BIND_DN
- LDAP Bind DN
- --info-ldap-bind-pwd INFO_LDAP_BIND_PWD
- LDAP Bind Password
- --info-ldap-user-dn-template INFO_LDAP_USER_DN_TEMPLATE
- LDAP User DN Template
- --info-ldap-base-dn INFO_LDAP_BASE_DN
- LDAP Base DN
- --info-nss
- Use passwd data to populate user attrs
- --info-sssd
- Use mod_lookup_identity and SSSD to populate user attrs. SSSD must be pre-configured for at least one domain.
- --info-sssd-domain INFO_SSSD_DOMAIN
- SSSD domain to enable mod_lookup_identity for (default is all)
ENVIRONMENT HELPER OPTIONS¶
--ipa Helper for IPA joined machines. This configures Ipsilon for Kerberos authentication.
EXIT STATUS¶
0 if the installation was successful
1 if an error occurred
SEE ALSO¶
1.0.0 | Ipsilon |