.\" Copyright (C) 2015 Ipsilon Project Contributors .\" .TH "ipsilon-server-install" "1" "1.1.0" "Ipsilon" "Ipsilon Manual Pages" .SH "NAME" ipsilon\-server\-install \- Configure an Ipsilon Identity Provider instance .SH "SYNOPSIS" ipsilon\-server\-install [OPTION]... .SH "DESCRIPTION" Configure an Ipsilon instance to provide identity services using any of the supported and enabled protocols. Ipsilon uses a plugable framework so some options may not be available, depending on what plugins have been installed. Ipsilon supports three types of plugins: 1. Authentication provider plugins \- implements an authentication protocol such as SAML 2, OpenID or Persona. At least one needs to be enabled. .br 2. Login plugins \- mechanisms for authenticating including GSSAPI, LDAP, PAM, etc. At least one should be enabled. .br 3. Info plugins \- sources where additional attributes of the user may be obtained. .br There are also environment helper options which aid in configuring the Identity Provider for a particular environment, such as a FreeIPA domain. The installation details are logged to /var/log/ipsilon\-install.log. .SH "DATABASES" Ipsilon stores configuration and session information in database tables. By default, a set of sqlite databases are used. If a full RDBMS is desired then the \fB\-\-database\-url\fR and/or \fB*\-dburi\fR options can be used to provide the database URIs. This should probably be used in load\-balanced situations so all servers can use the same database. An example of a specific URI is .br \-\-users_dburi=postgresql://@dbserver.example.com:45432/users The templatized version would be .br \-\-database\-url=postgresql://@dbserver.example.com:45432/%(dbname)s .SH "OPTIONS" .SS BASIC OPTIONS .TP \fB\-h\fR, \fB\-\-help\fR Show this help message and exit .TP \fB\-\-version\fR Show program's version number and exit .TP \fB\-o\fR \fILM_ORDER\fR, \fB\-\-login\-managers\-order\fR \fILM_ORDER\fR Comma separated list of login managers .TP \fB\-\-hostname\fR \fIHOSTNAME\fR The hostname used by clients to reach this instance. This is used to determine the URLs provided in SAML metadata .TP \fB\-\-instance\fR \fIINSTANCE\fR Ipsilon instance name .TP \fB\-\-system\-user\fR \fISYSTEM_USER\fI User account used to run the server .TP \fB\-\-admin\-user\fR \fIADMIN_USER\fR User account that is assigned Ipsilon admin privileges .TP \fB\-\-database\-url\fR \fIDATABASE_URL\fR The (templatized) database URL to use .TP \fB\-\-secure\fR Boolean to turn on all security checks .TP \fB\-\-server\-debugging\fR Enable debugging .TP \fB\-\-uninstall\fR Uninstall the server and all data .TP \fB\-\-yes\fR Always answer yes .TP \fB\-\-admin\-dburi\fR \fIADMIN_DBURI\fR Configuration database URI (override template) .TP \fB\-\-users\-dburi \fIUSERS_DBURI\fR User configuration database URI (override template) .TP \fB\-\-transaction\-dburi\fR \fITRANSACTION_DBURI\fR Transaction database URI (override template) .SS AUTHENTICATION PROVIDER OPTIONS .TP \fB\-\-openid\fR Configure OpenID Provider .TP \fB\-\-openid\-dburi\fR \fIOPENID_DBURI\fR OpenID database URI (override template) .TP \fB\-\-persona\fR Configure Persona Provider .TP \fB\-\-saml2\fR Configure SAML2 Provider .TP \fB\-\-saml2\-metadata\-validity\fR \fISAML2_METADATA_VALIDITY\fR Metadata validity period in days (default \- 1825) .SS LOGIN MANAGER OPTIONS .TP \fB\-\-form\fR Configure External Form authentication .TP \fB\-\-form\-service\fR \fIFORM_SERVICE\fR PAM service name to use for authentication .TP \fB\-\-fas\fR Configure FAS (Fedora Authentication System) authentication .TP \fB\-\-ldap\fR Configure LDAP authentication .TP \fB\-\-ldap\-server\-url\fR \fILDAP_SERVER_URL\fR LDAP Server Url .TP \fB\-\-ldap\-bind\-dn\-template\fR \fILDAP_BIND_DN_TEMPLATE\fR LDAP Bind DN Template .TP \fB\-\-ldap\-tls\-level\fR \fILDAP_TLS_LEVEL\fR LDAP TLS level .TP \fB\-\-ldap\-base\-dn\fR \fILDAP_BASE_DN\fR LDAP Base DN .TP \fB\-\-krb\fR Configure Kerberos authentication .TP \fB\-\-krb\-httpd\-keytab\fR \fIKRB_HTTPD_KEYTAB\fR Kerberos keytab location for HTTPD .TP \fB\-\-pam\fR Configure PAM authentication .TP \fB\-\-pam\-service\fR \fIPAM_SERVICE\fR PAM service name to use for authentication .TP \fB\-\-testauth\fR Configure testing environment authentication .SS INFO PROVIDER OPTIONS \fB\-\-info\-ldap\fR Use LDAP to populate user attrs .TP \fB\-\-info\-ldap\-server\-url\fR \fIINFO_LDAP_SERVER_URL\fR LDAP Server Url .TP \fB\-\-info\-ldap\-bind\-dn\fR \fIINFO_LDAP_BIND_DN\fR LDAP Bind DN .TP \fB\-\-info\-ldap\-bind\-pwd\fR \fIINFO_LDAP_BIND_PWD\fR LDAP Bind Password .TP \fB\-\-info\-ldap\-user\-dn\-template\fR \fIINFO_LDAP_USER_DN_TEMPLATE\fR LDAP User DN Template .TP \fB\-\-info\-ldap\-base\-dn\fR \fIINFO_LDAP_BASE_DN\fR LDAP Base DN .TP \fB\-\-info\-nss\fR Use passwd data to populate user attrs .TP \fB\-\-info\-sssd\fR \fI Use mod_lookup_identity and SSSD to populate user attrs. SSSD must be pre\-configured for at least one domain. .TP \fB\-\-info\-sssd\-domain\fR \fIINFO_SSSD_DOMAIN\fR SSSD domain to enable mod_lookup_identity for (default is all) .SS ENVIRONMENT HELPER OPTIONS \fB\-\-ipa\fR Helper for IPA joined machines. This configures Ipsilon for Kerberos authentication. .SH "EXIT STATUS" 0 if the installation was successful 1 if an error occurred .SH "SEE ALSO" .BR ipsilon(7), .BR ipsilon\-client\-install(1)