ipsilon-server-install(1)    Ipsilon Manual Pages    ipsilon-server-install(1)

NAME

       ipsilon-server-install - Configure an Ipsilon Identity Provider
       instance

SYNOPSIS

       ipsilon-server-install [OPTION]...

DESCRIPTION

       Configure an Ipsilon instance to provide identity services using any of
       the supported and enabled protocols.

       Ipsilon uses a pluggable framework, so some options may not be
       available, depending on which plugins have been installed.

       Ipsilon supports three types of plugins:

       1. Authentication provider plugins - implement an authentication
          protocol such as SAML 2, OpenID or Persona. At least one needs to be
          enabled.
       2. Login plugins - mechanisms for authenticating, including GSSAPI,
          LDAP, PAM, etc. At least one should be enabled.
       3. Info plugins - sources where additional attributes of the user may
          be obtained.

       There are also environment helper options which aid in configuring the
       Identity Provider for a particular environment, such as a FreeIPA
       domain.

       The installation details are logged to /var/log/ipsilon-install.log.

DATABASES

       Ipsilon stores configuration and session information in database
       tables. By default, a set of sqlite databases is used. If a full RDBMS
       is desired then the --database-url and/or *-dburi options can be used
       to provide the database URIs. This should probably be used in
       load-balanced situations so all servers can use the same database.

       An example of a specific URI is
       --users-dburi=postgresql://@dbserver.example.com:45432/users

       The templatized version would be
       --database-url=postgresql://@dbserver.example.com:45432/%(dbname)s

OPTIONS

   BASIC OPTIONS
       -h, --help
              Show this help message and exit

       --version
              Show program's version number and exit

       -o LM_ORDER, --login-managers-order LM_ORDER
              Comma separated list of login managers

       --hostname HOSTNAME
              The hostname used by clients to reach this instance. This is
              used to determine the URLs provided in SAML metadata

       --instance INSTANCE
              Ipsilon instance name

       --system-user SYSTEM_USER
              User account used to run the server

       --admin-user ADMIN_USER
              User account that is assigned Ipsilon admin privileges

       --database-url DATABASE_URL
              The (templatized) database URL to use

       --secure
              Boolean to turn on all security checks

       --server-debugging
              Enable debugging

       --uninstall
              Uninstall the server and all data

       --yes  Always answer yes

       --admin-dburi ADMIN_DBURI
              Configuration database URI (override template)

       --users-dburi USERS_DBURI
              User configuration database URI (override template)

       --transaction-dburi TRANSACTION_DBURI
              Transaction database URI (override template)

   AUTHENTICATION PROVIDER OPTIONS
       --openid
              Configure OpenID Provider

       --openid-dburi OPENID_DBURI
              OpenID database URI (override template)

       --saml2
              Configure SAML2 Provider

       --saml2-metadata-validity SAML2_METADATA_VALIDITY
              Metadata validity period in days (default - 1825)

   LOGIN MANAGER OPTIONS
       --form Configure External Form authentication

       --form-service FORM_SERVICE
              PAM service name to use for authentication

       --fas  Configure FAS (Fedora Authentication System) authentication

       --ldap Configure LDAP authentication

       --ldap-server-url LDAP_SERVER_URL
              LDAP Server Url

       --ldap-bind-dn-template LDAP_BIND_DN_TEMPLATE
              LDAP Bind DN Template

       --ldap-tls-level LDAP_TLS_LEVEL
              LDAP TLS level

       --ldap-base-dn LDAP_BASE_DN
              LDAP Base DN

       --krb  Configure Kerberos authentication

       --krb-httpd-keytab KRB_HTTPD_KEYTAB
              Kerberos keytab location for HTTPD

       --pam  Configure PAM authentication

       --pam-service PAM_SERVICE
              PAM service name to use for authentication

       --testauth
              Configure testing environment authentication

   INFO PROVIDER OPTIONS
       --info-ldap
              Use LDAP to populate user attrs

       --info-ldap-server-url INFO_LDAP_SERVER_URL
              LDAP Server Url

       --info-ldap-bind-dn INFO_LDAP_BIND_DN
              LDAP Bind DN

       --info-ldap-bind-pwd INFO_LDAP_BIND_PWD
              LDAP Bind Password

       --info-ldap-user-dn-template INFO_LDAP_USER_DN_TEMPLATE
              LDAP User DN Template

       --info-ldap-base-dn INFO_LDAP_BASE_DN
              LDAP Base DN

       --info-nss
              Use passwd data to populate user attrs

       --info-sssd
              Use DBus to populate user attrs from SSSD. SSSD must be
              pre-configured for at least one domain.

       --info-sssd-domain INFO_SSSD_DOMAIN
              SSSD domain to enable for attribute passthrough (default is all)

   ENVIRONMENT HELPER OPTIONS
       --ipa  Helper for IPA joined machines. This configures Ipsilon for
              Kerberos authentication.
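
       The following pre-flight check is an added example, not part of the
       original manual page or of Ipsilon. It expands the --database-url
       template as described under DATABASES, applies the *-dburi overrides,
       and flags options from the lists above that deserve review before an
       install; the database names, the rules and the sample command line
       are assumptions of the example.

```python
# Added example, not Ipsilon code. Flag names are from this man page; the
# rules and the database names in DB_NAMES are this example's assumptions.
from urllib.parse import urlsplit

DB_NAMES = ("admin", "users", "transaction", "openid")  # from the *-dburi flags

SAMPLE = [  # constructed command line, placeholder secrets
    "--hostname", "idp.example.com", "--saml2", "--testauth", "--info-ldap",
    "--info-ldap-server-url=ldap://ldap.example.com",
    "--info-ldap-bind-pwd", "PLACEHOLDER",
    "--database-url=postgresql://ipsilon:PLACEHOLDER@dbserver.example.com:45432/%(dbname)s",
    "--users-dburi=postgresql://@dbserver.example.com:45432/users",
]

def parse_args(argv):
    """Collect '--flag value', '--flag=value' and bare '--flag' into a dict."""
    opts, i = {}, 0
    while i < len(argv):
        key, eq, val = argv[i].lstrip("-").partition("=")
        if not eq:  # value is the next token, unless that is another flag
            nxt = argv[i + 1] if i + 1 < len(argv) else "-"
            val, i = (True, i) if nxt.startswith("-") else (nxt, i + 1)
        opts[key] = val
        i += 1
    return opts

def db_uris(opts):
    """Expand the --database-url template, then apply per-database overrides."""
    tmpl = opts.get("database-url")
    uris = {n: opts.get(f"{n}-dburi", tmpl and tmpl.replace("%(dbname)s", n))
            for n in DB_NAMES}
    return {n: u for n, u in uris.items() if u}

def lint(argv):
    """Return one finding per setting worth a second look before installing."""
    opts, findings = parse_args(argv), []
    if "testauth" in opts:
        findings.append("--testauth: testing-environment login enabled")
    if "server-debugging" in opts:
        findings.append("--server-debugging: debugging enabled")
    if "info-ldap-bind-pwd" in opts:
        findings.append("--info-ldap-bind-pwd: secret passed on the command line")
    for flag in ("ldap-server-url", "info-ldap-server-url"):
        if str(opts.get(flag, "")).startswith("ldap://"):
            findings.append(f"--{flag}: ldap:// URL, confirm the TLS level")
    for name, uri in db_uris(opts).items():
        if urlsplit(uri).password:
            findings.append(f"{name} database URI embeds a password")
    return findings
```

       Calling lint(SAMPLE) returns six findings; the users database is not
       among them because its override URI carries no password.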

EXIT STATUS

       0 if the installation was successful

       1 if an error occurred

SEE ALSO

       ipsilon(7), ipsilon-client-install(1)

Ipsilon                              2.1.0           ipsilon-server-install(1)