ipsilon-client-install(1)     Ipsilon Manual Pages     ipsilon-client-install(1)

       ipsilon-client-install - Configure an Ipsilon client

       ipsilon-client-install [OPTION]...

       Configures a server to be used as a Service Provider (SP) in federation
       with an Ipsilon instance as its Identity Provider (IdP).

       By default, Apache is configured using mod_auth_mellon to handle the
       SAML 2 Federation.

       -h, --help
              Show help message and exit

       --version
              Show program's version number and exit

       --hostname HOSTNAME
              Machine's fully qualified host name

       --port PORT
              Port number that SP listens on. The default is to not set a
              specific listen port. The --saml-secure-setup option can affect
              this.

       --admin-user ADMIN_USER
              Account allowed to create a Service Provider (SP). The default
              is admin.

       --admin-password ADMIN_PASSWORD
              File containing the password for the account used to create a SP
              (- to read from stdin)

       --httpd-user HTTPD_USER
              Web server account used. Some files created by the installation
              will be chown(1) to this user. The default is apache.

       --saml Boolean value whether to install a saml2 SP or not. Default is
              True.

       --saml-idp-url SAML_IDP_URL
              A URL of the Ipsilon instance to register the SP with.

       --saml-idp-metadata SAML_IDP_METADATA
              A URL pointing at the IDP Metadata (FILE or HTTP)

       --saml-no-httpd
              Do not configure httpd. The default is False.

       --saml-base SAML_BASE
              Where saml2 authdata is available (default: /)

       --saml-auth SAML_AUTH
              Where saml2 authentication is enforced. The default is
              /saml2protected. This only applies when configuring Apache.

       --saml-sp SAML_SP
              Where saml communication happens. The default is /saml2.

       --saml-sp-logout SAML_SP_LOGOUT
              Single Logout URL. The default is /saml2/logout.

       --saml-sp-post SAML_SP_POST
              Post response URL. The default is /saml2/postResponse.

       --saml-secure-setup
              Turn on all security checks. The default is True.

       --saml-nameid
              The saml2 NameID format that this SP will use. Must be one of:
              x509,transient,persistent,windows,encrypted,kerberos,email,
              unspecified,entity. The default is unspecified.

       --saml-sp-name SAML_SP_NAME
              The SP name to register with the IdP.

       --debug
              Turn on script debugging

       --uninstall
              Uninstall the ipsilon client

       Two levels of SSL certificates may be used in an Ipsilon installation.

       An X509 signing certificate is used by Ipsilon to sign SAML 2 messages.
       The public key of the certificate is passed in the SAML metadata
       exchanged between the Identity Provider and the Service Provider. This
       certificate and key are automatically generated.

       Any page on the SP that will use the authentication provided by the IdP
       will need to be protected by SSL in order to access the secure cookie
       that the IdP provides. Ipsilon does not provide this certificate.

       Install a SAML 2 SP using the IdP instance idp on idp.example.com.

       # ipsilon-client-install --saml-idp-metadata https://idp.example.com/idp/saml2/metadata --saml-auth /protected

       Any unauthenticated request to /protected will trigger a redirect to
       the IdP for authentication.

       Once the SP has been generated it needs to be registered with the IdP.
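
A pre-flight check for the invocation above, as an added example that is not part of the Ipsilon manual: because the SAML metadata carries the IdP's signing public key, it accepts metadata only from an https:// URL or a local file, and it checks the NameID format against the list documented for --saml-nameid. The function names are hypothetical; only options described on this page are used.

```shell
#!/bin/sh
# Added example: validate arguments before running ipsilon-client-install.
# Function names are hypothetical; the options come from this man page.

# NameID formats documented for --saml-nameid.
NAMEID_FORMATS="x509 transient persistent windows encrypted kerberos email unspecified entity"

# Return 0 if $1 is one of the documented NameID formats.
valid_nameid() {
    for f in $NAMEID_FORMATS; do
        [ "$f" = "$1" ] && return 0
    done
    return 1
}

# Return 0 for an https:// URL or a readable local file. Plain http:// is
# refused: metadata fetched without TLS could be replaced in transit, and
# with it the signing key the SP will trust.
metadata_source_ok() {
    case "$1" in
        https://?*) return 0 ;;
        http://*)   return 1 ;;
        *)          [ -f "$1" ] && [ -r "$1" ] ;;
    esac
}

# Print the installer command for: metadata source, protected path, NameID.
# Returns 2 and prints the reason on stderr if any argument fails a check.
build_command() {
    metadata_source_ok "$1" || { echo "metadata must be https:// or a local file: $1" >&2; return 2; }
    case "$2" in
        /*) ;;
        *) echo "--saml-auth path must start with /: $2" >&2; return 2 ;;
    esac
    valid_nameid "$3" || { echo "unknown NameID format: $3" >&2; return 2; }
    printf 'ipsilon-client-install --saml-idp-metadata %s --saml-auth %s --saml-nameid %s\n' "$1" "$2" "$3"
}

# Constructed sample values; idp.example.com is the host used in the example above.
build_command https://idp.example.com/idp/saml2/metadata /protected transient
```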

       0 if the installation was successful

       1 if an error occurred

       ipsilon(7)

Ipsilon                              1.0.0             ipsilon-client-install(1)