ipsilon-server-install(1)    Ipsilon Manual Pages    ipsilon-server-install(1)

NAME
       ipsilon-server-install - Configure an Ipsilon Identity Provider
       instance

SYNOPSIS
       ipsilon-server-install [OPTION]...

DESCRIPTION
       Configure an Ipsilon instance to provide identity services using any of
       the supported and enabled protocols.

       Ipsilon uses a pluggable framework, so some options may not be
       available, depending on which plugins have been installed.

       Ipsilon supports three types of plugins:

       1. Authentication provider plugins - implement an authentication
          protocol such as SAML 2, OpenID or Persona. At least one needs to be
          enabled.
       2. Login plugins - mechanisms for authenticating, including GSSAPI,
          LDAP, PAM, etc. At least one should be enabled.
       3. Info plugins - sources where additional attributes of the user may
          be obtained.

       There are also environment helper options which aid in configuring the
       Identity Provider for a particular environment, such as a FreeIPA
       domain.

       The installation details are logged to /var/log/ipsilon-install.log.

       Ipsilon stores configuration and session information in database
       tables. By default, a set of SQLite databases is used. If a full RDBMS
       is desired, the --database-url and/or *-dburi options can be used to
       provide the database URIs. This should probably be used in
       load-balanced situations so all servers can use the same database.

       An example of a specific URI is
       --users-dburi=postgresql://@dbserver.example.com:45432/users

       The templatized version would be
       --database-url=postgresql://@dbserver.example.com:45432/%(dbname)s

OPTIONS
   BASIC OPTIONS
       -h, --help
              Show this help message and exit

       --version
              Show program's version number and exit

       -o LM_ORDER, --login-managers-order LM_ORDER
              Comma separated list of login managers

       --hostname HOSTNAME
              The hostname used by clients to reach this instance. This is
              used to determine the URLs provided in SAML metadata

       --instance INSTANCE
              Ipsilon instance name

       --system-user SYSTEM_USER
              User account used to run the server

       --admin-user ADMIN_USER
              User account that is assigned Ipsilon admin privileges

       --database-url DATABASE_URL
              The (templatized) database URL to use

       --secure
              Boolean to turn on all security checks

       --server-debugging
              Enable debugging

       --uninstall
              Uninstall the server and all data

       --yes  Always answer yes

       --admin-dburi ADMIN_DBURI
              Configuration database URI (override template)

       --users-dburi USERS_DBURI
              User configuration database URI (override template)

       --transaction-dburi TRANSACTION_DBURI
              Transaction database URI (override template)

   AUTHENTICATION PROVIDER OPTIONS
       --openid
              Configure OpenID Provider

       --openid-dburi OPENID_DBURI
              OpenID database URI (override template)

       --saml2
              Configure SAML2 Provider

       --saml2-metadata-validity SAML2_METADATA_VALIDITY
              Metadata validity period in days (default - 1825)

   LOGIN MANAGER OPTIONS
       --form Configure External Form authentication

       --form-service FORM_SERVICE
              PAM service name to use for authentication

       --fas  Configure FAS (Fedora Authentication System) authentication

       --ldap Configure LDAP authentication

       --ldap-server-url LDAP_SERVER_URL
              LDAP Server Url

       --ldap-bind-dn-template LDAP_BIND_DN_TEMPLATE
              LDAP Bind DN Template

       --ldap-tls-level LDAP_TLS_LEVEL
              LDAP TLS level

       --ldap-base-dn LDAP_BASE_DN
              LDAP Base DN

       --krb  Configure Kerberos authentication

       --krb-httpd-keytab KRB_HTTPD_KEYTAB
              Kerberos keytab location for HTTPD

       --pam  Configure PAM authentication

       --pam-service PAM_SERVICE
              PAM service name to use for authentication

       --testauth
              Configure testing environment authentication

   INFO PROVIDER OPTIONS
       --info-ldap
              Use LDAP to populate user attrs

       --info-ldap-server-url INFO_LDAP_SERVER_URL
              LDAP Server Url

       --info-ldap-bind-dn INFO_LDAP_BIND_DN
              LDAP Bind DN

       --info-ldap-bind-pwd INFO_LDAP_BIND_PWD
              LDAP Bind Password

       --info-ldap-user-dn-template INFO_LDAP_USER_DN_TEMPLATE
              LDAP User DN Template

       --info-ldap-base-dn INFO_LDAP_BASE_DN
              LDAP Base DN

       --info-nss
              Use passwd data to populate user attrs

       --info-sssd
              Use DBus to populate user attrs from SSSD. SSSD must be
              pre-configured for at least one domain.

       --info-sssd-domain INFO_SSSD_DOMAIN
              SSSD domain to enable for attribute passthrough (default is all)

   ENVIRONMENT HELPER OPTIONS
       --ipa  Helper for IPA joined machines. This configures Ipsilon for
              Kerberos authentication.
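
An added example, not part of the Ipsilon manual or code base: a pre-flight check over a proposed ipsilon-server-install command line that flags options from the lists above worth reviewing before the installer is run on a production host. The sample command lines, hostnames and credentials are constructed, and the choice of which options to flag is this example's assumption.

```python
import shlex
from urllib.parse import urlsplit

# Options on this man page whose value is a database or LDAP URL.
DB_OPTS = {"--database-url", "--admin-dburi", "--users-dburi",
           "--transaction-dburi", "--openid-dburi"}
LDAP_OPTS = {"--ldap-server-url", "--info-ldap-server-url"}

def audit_install_command(cmdline):
    """Return sorted (option, finding) pairs for one proposed command line."""
    argv = shlex.split(cmdline)
    opts = {}
    for i, tok in enumerate(argv):
        if not tok.startswith("--"):
            continue
        name, sep, val = tok.partition("=")  # accepts --opt=value and --opt value
        if not sep and i + 1 < len(argv) and not argv[i + 1].startswith("-"):
            val = argv[i + 1]
        opts[name] = val
    found = []
    if "--testauth" in opts:
        found.append(("--testauth", "testing-environment authentication enabled"))
    if "--server-debugging" in opts:
        found.append(("--server-debugging", "debugging enabled"))
    if "--info-ldap-bind-pwd" in opts:
        found.append(("--info-ldap-bind-pwd",
                      "bind password visible in process list and shell history"))
    if "--uninstall" in opts and "--yes" in opts:
        found.append(("--uninstall", "removes server and all data, no prompt"))
    for name in DB_OPTS.intersection(opts):
        if urlsplit(opts[name]).password:  # user:password@host form
            found.append((name, "database password embedded in URL"))
    for name in LDAP_OPTS.intersection(opts):
        if urlsplit(opts[name]).scheme == "ldap":
            found.append((name, "ldap:// is cleartext unless StartTLS is used"))
    return sorted(found)

# Constructed sample invocations; hostnames and credentials are made up.
RISKY = ("ipsilon-server-install --saml2 --testauth --server-debugging "
         "--info-ldap --info-ldap-server-url ldap://ldap.example.com "
         "--info-ldap-bind-pwd 'hunter2' "
         "--database-url=postgresql://ipsilon:s3cret@db.example.com/%(dbname)s")
CLEAN = ("ipsilon-server-install --saml2 --ipa "
         "--database-url=postgresql://@dbserver.example.com:45432/%(dbname)s")

if __name__ == "__main__":
    for cmd in (RISKY, CLEAN):
        for opt, why in audit_install_command(cmd):
            print(f"{opt}: {why}")
```

An empty result only means none of these particular patterns appeared on the command line; it says nothing about the resulting configuration.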

EXIT STATUS
       0 if the installation was successful

       1 if an error occurred

SEE ALSO
       ipsilon(7), ipsilon-client-install(1)

Ipsilon 2.1.0                                        ipsilon-server-install(1)