ipsilon-server-install man page

ipsilon-server-install — Configure an Ipsilon Identity Provider instance


ipsilon-server-install [OPTION]...


Configure an Ipsilon instance to provide identity services using any of the supported and enabled protocols.

Ipsilon uses a pluggable framework, so some options may not be available, depending on which plugins have been installed.

Ipsilon supports three types of plugins:

1. Authentication provider plugins - implement an authentication protocol such as SAML 2, OpenID or Persona. At least one needs to be enabled.
2. Login plugins - mechanisms for authenticating, including GSSAPI, LDAP, PAM, etc. At least one should be enabled.
3. Info plugins - sources where additional attributes of the user may be obtained.

There are also environment helper options which aid in configuring the Identity Provider for a particular environment, such as a FreeIPA domain.

The installation details are logged to /var/log/ipsilon-install.log.


Ipsilon stores configuration and session information in database tables. By default, a set of SQLite databases is used. If a full RDBMS is desired, the --database-url and/or *-dburi options can be used to provide the database URIs. This should probably be used in load-balanced situations so all servers can use the same database.

An example of a specific URI is

The templatized version would be


Basic Options

-h, --help
Show this help message and exit
Show program's version number and exit
-o LM_ORDER, --login-managers-order LM_ORDER
Comma separated list of login managers
--hostname HOSTNAME
The hostname used by clients to reach this instance. This is used to determine the URLs provided in SAML metadata
--instance INSTANCE
Ipsilon instance name
--system-user SYSTEM_USER
User account used to run the server
--admin-user ADMIN_USER
User account that is assigned Ipsilon admin privileges
--database-url DATABASE_URL
The (templatized) database URL to use
Boolean to turn on all security checks
Enable debugging
Uninstall the server and all data
Always answer yes
--admin-dburi ADMIN_DBURI
Configuration database URI (override template)
--users-dburi USERS_DBURI
User configuration database URI (override template)
--transaction-dburi TRANSACTION_DBURI
Transaction database URI (override template)

Authentication Provider Options

Configure OpenID Provider
--openid-dburi OPENID_DBURI
OpenID database URI (override template)
Configure Persona Provider
Configure SAML2 Provider
--saml2-metadata-validity SAML2_METADATA_VALIDITY
Metadata validity period in days (default: 1825)

Login Manager Options

Configure External Form authentication
--form-service FORM_SERVICE
PAM service name to use for authentication
Configure FAS (Fedora Authentication System) authentication
Configure LDAP authentication
--ldap-server-url LDAP_SERVER_URL
LDAP server URL
--ldap-bind-dn-template LDAP_BIND_DN_TEMPLATE
LDAP Bind DN Template
--ldap-tls-level LDAP_TLS_LEVEL
LDAP TLS level
--ldap-base-dn LDAP_BASE_DN
Configure Kerberos authentication
--krb-httpd-keytab KRB_HTTPD_KEYTAB
Kerberos keytab location for HTTPD
Configure PAM authentication
--pam-service PAM_SERVICE
PAM service name to use for authentication
Configure testing environment authentication

Info Provider Options

--info-ldap
Use LDAP to populate user attrs
--info-ldap-server-url INFO_LDAP_SERVER_URL
LDAP server URL
--info-ldap-bind-dn INFO_LDAP_BIND_DN
--info-ldap-bind-pwd INFO_LDAP_BIND_PWD
LDAP Bind Password
--info-ldap-user-dn-template INFO_LDAP_USER_DN_TEMPLATE
LDAP User DN Template
--info-ldap-base-dn INFO_LDAP_BASE_DN
Use passwd data to populate user attrs
Use mod_lookup_identity and SSSD to populate user attrs. SSSD must be pre-configured for at least one domain.
--info-sssd-domain INFO_SSSD_DOMAIN
SSSD domain to enable mod_lookup_identity for (default is all)

Environment Helper Options

--ipa
Helper for IPA joined machines. This configures Ipsilon for Kerberos authentication.

Exit Status

0 if the installation was successful

1 if an error occurred

See Also

ipsilon(7), ipsilon-client-install(1)

Referenced By

ipsilon(7), ipsilon.conf(5).

Ipsilon 1.2.0 Ipsilon Manual Pages