ipsilon-client-install(1)    Ipsilon Manual Pages    ipsilon-client-install(1)

NAME

       ipsilon-client-install - Configure an Ipsilon client

SYNOPSIS

       ipsilon-client-install [OPTION]...

DESCRIPTION

       Configures a server to be used as a Service Provider (SP) in federation
       with an Ipsilon instance as its Identity Provider (IdP).

       By default, Apache is configured using mod_auth_mellon to handle the
       SAML 2 Federation.

OPTIONS

       -h, --help
              Show help message and exit

       --version
              Show program's version number and exit

       --hostname HOSTNAME
              Machine's fully qualified host name

       --port PORT
              Port number that SP listens on. The default is to not set a
              specific listen port. The --saml-secure-setup option can affect
              this.

       --admin-user ADMIN_USER
              Account allowed to create a Service Provider (SP). The default
              is admin.

       --admin-password ADMIN_PASSWORD
              File containing the password for the account used to create a SP
              (- to read from stdin). You can also provide the password in
              the IPSILON_ADMIN_PASSWORD environment variable.

       --httpd-user HTTPD_USER
              Web server account used. Some files created by the installation
              will be chown(1) to this user. The default is apache.

       --saml
              Boolean value whether to install a saml2 SP or not. Default is
              True.

       --saml-idp-url SAML_IDP_URL
              A URL of the Ipsilon instance to register the SP with.

       --saml-idp-metadata SAML_IDP_METADATA
              A URL pointing at the IdP metadata (FILE or HTTP)

       --saml-no-httpd
              Do not configure httpd. The default is False.

       --saml-base SAML_BASE
              Where saml2 authdata is available (default: /)

       --saml-auth SAML_AUTH
              Where saml2 authentication is enforced. The default is
              /protected. This only applies when configuring Apache.

       --saml-sp SAML_SP
              Where saml communication happens. The default is /saml2.

       --saml-sp-logout SAML_SP_LOGOUT
              Single Logout URL. The default is /saml2/logout.

       --no-saml-soap-logout
              Disable Single Logout using SOAP.

       --saml-sp-post SAML_SP_POST
              Post response URL. The default is /saml2/postResponse.

       --saml-secure-setup
              Turn on all security checks. The default is True.

       --saml-nameid
              The saml2 NameID format that this SP will use. Must be one of:
              x509,transient,persistent,windows,encrypted,kerberos,email,
              unspecified,entity. The default is unspecified.

       --saml-sp-name SAML_SP_NAME
              The SP name to register with the IdP.

       --debug
              Turn on script debugging

       --uninstall
              Uninstall the ipsilon client

CERTIFICATES

       Two levels of SSL certificates may be used in an Ipsilon installation.

       An X509 signing certificate is used by Ipsilon to sign SAML 2 messages.
       The public key of the certificate is passed in the SAML metadata
       exchanged between the Identity Provider and the Service Provider. This
       certificate and key are automatically generated.

       Any page on the SP that will use the authentication provided by the IdP
       will need to be protected by SSL in order to access the secure cookie
       that the IdP provides. Ipsilon does not provide this certificate.

EXAMPLES

       Install a SAML 2 SP using the IdP instance idp on idp.example.com.

          # ipsilon-client-install --saml-idp-metadata https://idp.example.com/idp/saml2/metadata --saml-auth /protected

       Any unauthenticated request to /protected will trigger a redirect to
       the IdP for authentication.

       Once the SP has been generated it needs to be registered with the IdP.

EXIT STATUS

       0 if the installation was successful

       1 if an error occurred

SEE ALSO

       ipsilon(7)

Ipsilon                              2.1.0           ipsilon-client-install(1)