.\" Copyright (C) 2015 Ipsilon Project Contributors
.TH "ipsilon-server-install" "1" "1.1.0" "Ipsilon" "Ipsilon Manual Pages"
ipsilon\-server\-install \- Configure an Ipsilon Identity Provider instance
ipsilon\-server\-install [OPTION]...
Configure an Ipsilon instance to provide identity services using any of the supported and enabled protocols.
Ipsilon uses a pluggable framework, so some options may not be available, depending on which plugins have been installed.
Ipsilon supports three types of plugins:
1. Authentication provider plugins \- implement an authentication protocol such as SAML 2, OpenID or Persona. At least one needs to be enabled.
2. Login plugins \- mechanisms for authenticating, including GSSAPI, LDAP, PAM, etc. At least one should be enabled.
3. Info plugins \- sources where additional attributes of the user may be obtained.
There are also environment helper options which aid in configuring the Identity Provider for a particular environment, such as a FreeIPA domain.
The installation details are logged to /var/log/ipsilon\-install.log.
Ipsilon stores configuration and session information in database tables. By default, a set of SQLite databases is used. If a full RDBMS is desired, the \fB\-\-database\-url\fR and/or \fB*\-dburi\fR options can be used to provide the database URIs. This should probably be done in load\-balanced deployments so that all servers use the same database.
An example of a specific URI is
\-\-users\-dburi=postgresql://@dbserver.example.com:45432/users
The templatized version would be
\-\-database\-url=postgresql://@dbserver.example.com:45432/%(dbname)s
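The precedence described above, where a per\-database \fB*\-dburi\fR value overrides the templatized URL, worked through as an added example that is not part of Ipsilon's own code. It assumes the template is expanded with Python %\-style substitution, and the store names admin, users, transaction and openid are stand\-ins taken from the option names on this page:

```python
from urllib.parse import urlsplit

# Assumed store names, taken from the *-dburi options on this page; the
# names the installer really substitutes for %(dbname)s may differ.
STORES = ("admin", "users", "transaction", "openid")


def resolve_dburis(template, overrides=None, stores=STORES):
    """Return {store: uri}; a per-store override wins over the template."""
    overrides = overrides or {}
    unknown = sorted(set(overrides) - set(stores))
    if unknown:
        raise ValueError("override for unknown store(s): %s" % unknown)
    # A template without %(dbname)s is returned unchanged for every store.
    return {s: overrides.get(s, template % {"dbname": s}) for s in stores}


def check_dburis(resolved):
    """Return a list of findings to review before running the installer."""
    findings, first_user = [], {}
    for store in sorted(resolved):
        uri = resolved[store]
        parts = urlsplit(uri)
        if not parts.scheme:
            findings.append("%s: URI has no database scheme" % store)
        if uri in first_user:
            findings.append("%s: same URI as %s, so the two stores share "
                            "one database" % (store, first_user[uri]))
        first_user.setdefault(uri, store)
        if parts.password:
            # A password here is also passed on the installer command line.
            findings.append("%s: password embedded in URI" % store)
    return findings


if __name__ == "__main__":
    # Constructed input, reusing the host and port from the examples above.
    template = "postgresql://@dbserver.example.com:45432/%(dbname)s"
    uris = resolve_dburis(
        template, {"users": "postgresql://@dbserver.example.com:45432/users"})
    for name, uri in sorted(uris.items()):
        print(name, uri)
    print(check_dburis(uris) or "no findings")
```

A template that omits the placeholder resolves every store to the same URI, which check_dburis reports once per duplicate.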
\fB\-h\fR, \fB\-\-help\fR
Show this help message and exit
Show program's version number and exit
\fB\-o\fR \fILM_ORDER\fR, \fB\-\-login\-managers\-order\fR \fILM_ORDER\fR
Comma separated list of login managers
\fB\-\-hostname\fR \fIHOSTNAME\fR
The hostname used by clients to reach this instance. This is used to determine the URLs provided in SAML metadata.
\fB\-\-instance\fR \fIINSTANCE\fR
\fB\-\-system\-user\fR \fISYSTEM_USER\fR
User account used to run the server
\fB\-\-admin\-user\fR \fIADMIN_USER\fR
User account that is assigned Ipsilon admin privileges
\fB\-\-database\-url\fR \fIDATABASE_URL\fR
The (templatized) database URL to use
Boolean to turn on all security checks
\fB\-\-server\-debugging\fR
Uninstall the server and all data
\fB\-\-admin\-dburi\fR \fIADMIN_DBURI\fR
Configuration database URI (override template)
\fB\-\-users\-dburi\fR \fIUSERS_DBURI\fR
User configuration database URI (override template)
\fB\-\-transaction\-dburi\fR \fITRANSACTION_DBURI\fR
Transaction database URI (override template)
.SS AUTHENTICATION PROVIDER OPTIONS
Configure OpenID Provider
\fB\-\-openid\-dburi\fR \fIOPENID_DBURI\fR
OpenID database URI (override template)
Configure Persona Provider
Configure SAML2 Provider
\fB\-\-saml2\-metadata\-validity\fR \fISAML2_METADATA_VALIDITY\fR
Metadata validity period in days (default \- 1825)
.SS LOGIN MANAGER OPTIONS
Configure External Form authentication
\fB\-\-form\-service\fR \fIFORM_SERVICE\fR
PAM service name to use for authentication
Configure FAS (Fedora Authentication System) authentication
Configure LDAP authentication
\fB\-\-ldap\-server\-url\fR \fILDAP_SERVER_URL\fR
\fB\-\-ldap\-bind\-dn\-template\fR \fILDAP_BIND_DN_TEMPLATE\fR
LDAP Bind DN Template
\fB\-\-ldap\-tls\-level\fR \fILDAP_TLS_LEVEL\fR
\fB\-\-ldap\-base\-dn\fR \fILDAP_BASE_DN\fR
Configure Kerberos authentication
\fB\-\-krb\-httpd\-keytab\fR \fIKRB_HTTPD_KEYTAB\fR
Kerberos keytab location for HTTPD
Configure PAM authentication
\fB\-\-pam\-service\fR \fIPAM_SERVICE\fR
PAM service name to use for authentication
Configure testing environment authentication
.SS INFO PROVIDER OPTIONS
Use LDAP to populate user attributes
\fB\-\-info\-ldap\-server\-url\fR \fIINFO_LDAP_SERVER_URL\fR
\fB\-\-info\-ldap\-bind\-dn\fR \fIINFO_LDAP_BIND_DN\fR
\fB\-\-info\-ldap\-bind\-pwd\fR \fIINFO_LDAP_BIND_PWD\fR
\fB\-\-info\-ldap\-user\-dn\-template\fR \fIINFO_LDAP_USER_DN_TEMPLATE\fR
LDAP User DN Template
\fB\-\-info\-ldap\-base\-dn\fR \fIINFO_LDAP_BASE_DN\fR
Use passwd data to populate user attributes
\fB\-\-info\-sssd\fR
Use mod_lookup_identity and SSSD to populate user attributes. SSSD must be pre\-configured for at least one domain.
\fB\-\-info\-sssd\-domain\fR \fIINFO_SSSD_DOMAIN\fR
SSSD domain to enable mod_lookup_identity for (default is all)
.SS ENVIRONMENT HELPER OPTIONS
Helper for IPA joined machines. This configures Ipsilon for Kerberos authentication.
0 if the installation was successful
1 if an error occurred
.BR ipsilon\-client\-install(1)