ipsilon-client-install(1)      Ipsilon Manual Pages      ipsilon-client-install(1)

ipsilon-client-install - Configure an Ipsilon client

ipsilon-client-install [OPTION]...

Configures a server to be used as a Service Provider (SP) in federation
with an Ipsilon instance as its Identity Provider (IdP).

By default, Apache is configured using mod_auth_mellon to handle the
SAML 2 Federation.

-h, --help
        Show help message and exit

--version
        Show program's version number and exit

--hostname HOSTNAME
        Machine's fully qualified host name

--port PORT
        Port number that the SP listens on. The default is to not set a
        specific listen port. The --saml-secure-setup option can affect
        this.

--admin-user ADMIN_USER
        Account allowed to create a Service Provider (SP). The default
        is admin.

--admin-password ADMIN_PASSWORD
        File containing the password for the account used to create a SP
        (- to read from stdin). You can also provide the password in
        the IPSILON_ADMIN_PASSWORD environment variable.

--httpd-user HTTPD_USER
        Web server account used. Some files created by the installation
        will be chown(1) to this user. The default is apache.

--saml
        Boolean value: whether to install a saml2 SP or not. The default
        is True.

--saml-idp-url SAML_IDP_URL
        A URL of the Ipsilon instance to register the SP with.

--saml-idp-metadata SAML_IDP_METADATA
        A URL pointing at the IdP metadata (FILE or HTTP)

--saml-no-httpd
        Do not configure httpd. The default is False.

--saml-base SAML_BASE
        Where saml2 authdata is available (default: /)

--saml-auth SAML_AUTH
        Where saml2 authentication is enforced. The default is
        /protected. This only applies when configuring Apache.

--saml-sp SAML_SP
        Where saml communication happens. The default is /saml2.

--saml-sp-logout SAML_SP_LOGOUT
        Single Logout URL. The default is /saml2/logout.

--no-saml-soap-logout
        Disable Single Logout using SOAP.

--saml-sp-post SAML_SP_POST
        Post response URL. The default is /saml2/postResponse.

--saml-secure-setup
        Turn on all security checks. The default is True.

--saml-nameid
        The saml2 NameID format that this SP will use. Must be one of:
        x509,transient,persistent,windows,encrypted,kerberos,email,unspecified,entity.
        The default is unspecified.

--saml-sp-name SAML_SP_NAME
        The SP name to register with the IdP.

--debug
        Turn on script debugging

--uninstall
        Uninstall the ipsilon client

Two levels of SSL certificates may be used in an Ipsilon installation.

An X509 signing certificate is used by Ipsilon to sign SAML 2 messages.
The public key of the certificate is passed in the SAML metadata
exchanged between the Identity Provider and the Service Provider. This
certificate and key are automatically generated.

Any page on the SP that will use the authentication provided by the IdP
will need to be protected by SSL in order to access the secure cookie
that the IdP provides. Ipsilon does not provide this certificate.

Install a SAML 2 SP using the IdP instance idp on idp.example.com.

    # ipsilon-client-install --saml-idp-metadata https://idp.example.com/idp/saml2/metadata --saml-auth /protected

Any unauthenticated request to /protected will trigger a redirect to
the IdP for authentication.

Once the SP has been generated it needs to be registered with the IdP.

0       if the installation was successful

1       if an error occurred

ipsilon(7)

Ipsilon 2.1.0                                        ipsilon-client-install(1)