1ipsilon-server-install(1)    Ipsilon Manual Pages    ipsilon-server-install(1)
2
3
4

NAME

6       ipsilon-server-install   -   Configure  an  Ipsilon  Identity  Provider
7       instance
8

SYNOPSIS

10       ipsilon-server-install [OPTION]...
11

DESCRIPTION

13       Configure an Ipsilon instance to provide identity services using any of
14       the supported and enabled protocols.
15
16       Ipsilon uses a plugable framework so some options may not be available,
17       depending on what plugins have been installed.
18
19       Ipsilon supports three types of plugins:
20
21       1. Authentication provider plugins - implements an authentication  pro‐
22       tocol  such  as  SAML  2,  OpenID  or Persona. At least one needs to be
23       enabled.
24       2. Login plugins -  mechanisms  for  authenticating  including  GSSAPI,
25       LDAP, PAM, etc. At least one should be enabled.
26       3.  Info  plugins - sources where additional attributes of the user may
27       be obtained.
28
29       There are also environment helper options which aid in configuring  the
30       Identity  Provider  for  a  particular  environment,  such as a FreeIPA
31       domain.
32
33       The installation details are logged to /var/log/ipsilon-install.log.
34

DATABASES

36       Ipsilon  stores  configuration  and  session  information  in  database
37       tables. By default, a set of sqlite databases are used. If a full RDBMS
38       is desired then the --database-url and/or *-dburi options can  be  used
39       to provide the database URIs. This should probably be used in load-bal‐
40       anced situations so all servers can use the same database.
41
42       An example of a specific URI is
43       --users_dburi=postgresql://@dbserver.example.com:45432/users
44
45       The templatized version would be
46       --database-url=postgresql://@dbserver.example.com:45432/%(dbname)s
47

OPTIONS

49   BASIC OPTIONS
50       -h, --help
51              Show this help message and exit
52
53       --version
54              Show program's version number and exit
55
56       -o LM_ORDER, --login-managers-order LM_ORDER
57              Comma separated list of login managers
58
59       --hostname HOSTNAME
60              The hostname used by clients to reach  this  instance.  This  is
61              used to determine the URLs provided in SAML metadata
62
63       --instance INSTANCE
64              Ipsilon instance name
65
66       --system-user SYSTEM_USER
67              User account used to run the server
68
69       --admin-user ADMIN_USER
70              User account that is assigned Ipsilon admin privileges
71
72       --database-url DATABASE_URL
73              The (templatized) database URL to use
74
75       --secure
76              Boolean to turn on all security checks
77
78       --server-debugging
79              Enable debugging
80
81       --uninstall
82              Uninstall the server and all data
83
84       --yes  Always answer yes
85
86       --admin-dburi ADMIN_DBURI
87              Configuration database URI (override template)
88
89       --users-dburi USERS_DBURI
90              User configuration database URI (override template)
91
92       --transaction-dburi TRANSACTION_DBURI
93              Transaction database URI (override template)
94
95   AUTHENTICATION PROVIDER OPTIONS
96       --openid
97              Configure OpenID Provider
98
99       --openid-dburi OPENID_DBURI
100              OpenID database URI (override template)
101
102       --persona
103              Configure Persona Provider
104
105       --saml2
106              Configure SAML2 Provider
107
108       --saml2-metadata-validity SAML2_METADATA_VALIDITY
109              Metadata validity period in days (default - 1825)
110
111
112   LOGIN MANAGER OPTIONS
113       --form Configure External Form authentication
114
115       --form-service FORM_SERVICE
116              PAM service name to use for authentication
117
118       --fas  Configure FAS (Fedora Authentication System) authentication
119
120       --ldap Configure LDAP authentication
121
122       --ldap-server-url LDAP_SERVER_URL
123              LDAP Server Url
124
125       --ldap-bind-dn-template LDAP_BIND_DN_TEMPLATE
126              LDAP Bind DN Template
127
128       --ldap-tls-level LDAP_TLS_LEVEL
129              LDAP TLS level
130
131       --ldap-base-dn LDAP_BASE_DN
132              LDAP Base DN
133
134       --krb  Configure Kerberos authentication
135
136       --krb-httpd-keytab KRB_HTTPD_KEYTAB
137              Kerberos keytab location for HTTPD
138
139       --pam  Configure PAM authentication
140
141       --pam-service PAM_SERVICE
142              PAM service name to use for authentication
143
144       --testauth
145              Configure testing environment authentication
146
147
148   INFO PROVIDER OPTIONS
149       --info-ldap Use LDAP to populate user attrs
150
151       --info-ldap-server-url INFO_LDAP_SERVER_URL
152              LDAP Server Url
153
154       --info-ldap-bind-dn INFO_LDAP_BIND_DN
155              LDAP Bind DN
156
157       --info-ldap-bind-pwd INFO_LDAP_BIND_PWD
158              LDAP Bind Password
159
160       --info-ldap-user-dn-template INFO_LDAP_USER_DN_TEMPLATE
161              LDAP User DN Template
162
163       --info-ldap-base-dn INFO_LDAP_BASE_DN
164              LDAP Base DN
165
166       --info-nss
167              Use passwd data to populate user attrs
168
169       --info-sssd
170              Use DBus to populate user attrs from SSSD. SSSD must be pre-con‐
171              figured for at least one domain.
172
173       --info-sssd-domain INFO_SSSD_DOMAIN
174              SSSD domain to enable for attribute passthrough (default is all)
175
176
177   ENVIRONMENT HELPER OPTIONS
178       --ipa Helper for IPA joined machines. This configures Ipsilon for  Ker‐
179       beros authentication.
180

EXIT STATUS

182       0 if the installation was successful
183
184       1 if an error occurred
185

SEE ALSO

187       ipsilon(7), ipsilon-client-install(1)
188
189
190
191Ipsilon                              2.1.0           ipsilon-server-install(1)
Impressum