ipsilon-server-install man page

ipsilon-server-install — Configure an Ipsilon Identity Provider instance

Synopsis

ipsilon-server-install [OPTION]...

Description

Configure an Ipsilon instance to provide identity services using any of the supported and enabled protocols.

Ipsilon uses a plugable framework so some options may not be available, depending on what plugins have been installed.

Ipsilon supports three types of plugins:

1. Authentication provider plugins - implements an authentication protocol such as SAML 2, OpenID or Persona. At least one needs to be enabled.
2. Login plugins - mechanisms for authenticating including GSSAPI, LDAP, PAM, etc. At least one should be enabled.
3. Info plugins - sources where additional attributes of the user may be obtained.

There are also environment helper options which aid in configuring the Identity Provider for a particular environment, such as a FreeIPA domain.

The installation details are logged to /var/log/ipsilon-install.log.

Databases

Ipsilon stores configuration and session information in database tables. By default, a set of sqlite databases are used. If a full RDBMS is desired then the --database-url and/or *-dburi options can be used to provide the database URIs. This should probably be used in load-balanced situations so all servers can use the same database.

An example of a specific URI is
--users_dburi=postgresql://@dbserver.example.com:45432/users

The templatized version would be
--database-url=postgresql://@dbserver.example.com:45432/%(dbname)s

Options

Basic Options

-h, --help
Show this help message and exit
--version
Show program's version number and exit
-o LM_ORDER, --login-managers-order LM_ORDER
Comma separated list of login managers
--hostname HOSTNAME
The hostname used by clients to reach this instance. This is used to determine the URLs provided in SAML metadata
--instance INSTANCE
Ipsilon instance name
--system-user SYSTEM_USER
User account used to run the server
--admin-user ADMIN_USER
User account that is assigned Ipsilon admin privileges
--database-url DATABASE_URL
The (templatized) database URL to use
--secure
Boolean to turn on all security checks
--server-debugging
Enable debugging
--uninstall
Uninstall the server and all data
--yes
Always answer yes
--admin-dburi ADMIN_DBURI
Configuration database URI (override template)
--users-dburi USERS_DBURI
User configuration database URI (override template)
--transaction-dburi TRANSACTION_DBURI
Transaction database URI (override template)

Authentication Provider Options

--openid
Configure OpenID Provider
--openid-dburi OPENID_DBURI
OpenID database URI (override template)
--persona
Configure Persona Provider
--saml2
Configure SAML2 Provider
--saml2-metadata-validity SAML2_METADATA_VALIDITY
Metadata validity period in days (default - 1825)

Login Manager Options

--form
Configure External Form authentication
--form-service FORM_SERVICE
PAM service name to use for authentication
--fas
Configure FAS (Fedora Authentication System) authentication
--ldap
Configure LDAP authentication
--ldap-server-url LDAP_SERVER_URL
LDAP Server Url
--ldap-bind-dn-template LDAP_BIND_DN_TEMPLATE
LDAP Bind DN Template
--ldap-tls-level LDAP_TLS_LEVEL
LDAP TLS level
--ldap-base-dn LDAP_BASE_DN
LDAP Base DN
--krb
Configure Kerberos authentication
--krb-httpd-keytab KRB_HTTPD_KEYTAB
Kerberos keytab location for HTTPD
--pam
Configure PAM authentication
--pam-service PAM_SERVICE
PAM service name to use for authentication
--testauth
Configure testing environment authentication

Info Provider Options

--info-ldap Use LDAP to populate user attrs

--info-ldap-server-url INFO_LDAP_SERVER_URL
LDAP Server Url
--info-ldap-bind-dn INFO_LDAP_BIND_DN
LDAP Bind DN
--info-ldap-bind-pwd INFO_LDAP_BIND_PWD
LDAP Bind Password
--info-ldap-user-dn-template INFO_LDAP_USER_DN_TEMPLATE
LDAP User DN Template
--info-ldap-base-dn INFO_LDAP_BASE_DN
LDAP Base DN
--info-nss
Use passwd data to populate user attrs
--info-sssd
Use DBus to populate user attrs from SSSD. SSSD must be pre-configured for at least one domain.
--info-sssd-domain INFO_SSSD_DOMAIN
SSSD domain to enable for attribute passthrough (default is all)

Environment Helper Options

--ipa Helper for IPA joined machines. This configures Ipsilon for Kerberos authentication.

Exit Status

0 if the installation was successful

1 if an error occurred

See Also

ipsilon(7), ipsilon-client-install(1)

Referenced By

ipsilon(7), ipsilon.conf(5).

2.0.2 Ipsilon Ipsilon Manual Pages