--- title: "Configuring Qvisqve, an authorization server" author: QvarnLabs Ab date: work-in-progress ... # Introduction This document explains how to configure Qvisqve, which is an authorization server and identity provider. # Installation Install Qvisqve from a Debian package. There is one at . Add the following line to the APT sources list: - deb http://code.liw.fi/debian stretch main The `code.liw.fi-keyring` package from that repository has a keyring package that installs the archive signing key for APT. For the initial install, the current key is: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2 mQINBFdmcP0BEAC3OQtAVwWsolyXsMSo4nhupzUvGwqcC1PFQIKY2guM82PIJxil Zfz+KXiyGi5bWbmtpgQEkfd964RXulT1Epa/NQ8NdCnDDVLYlsWBdBMLl7o6lIJP NEnCt12fFHMaOf5m5GACE+dRnww2eKrrdrSTaY0whbGm+ouy/yFujsFxX9bpFb+U bpVKbrl+UYGiUgCO4uVYvgsSNYYif9gWrpXaQ1Kq0XohAvMChP7Qp2VmDpGueGsm A0WfiTBlTc5E4UTZ12YESDOlmS468WVrCdmEI3NbAzcP4Glp1CxUGCv7dG5a4NDT BVtHbO3Q//RlSnxtMVE3rTdoymKr/Zh4TtkIZzV8YDj0cZ++WlzBbtBxQ9zfcNQh rtCfklDQweazUUdI0Xg+OEJ7qSbqTWyUM9sNavNy7sRIgMaFQeQbO/U3D72YsaE7 66lqgJQbaz1ZtCi7r4iLV/2Zgl11gEktszPw7D6KcU7Ec8l+zt9c+JIbORfrEzZu 8ojIPMHHLXi3riKWbG3sUm9NR01MCu32Rqio4n0JCn/xGAKLcCSeb2sW7CV51oSE MtlBErWg04Zd4c3WQR14acN9l7UxgP66jTfX8cV/994JtJDeGGlCvNp24QjUbMET cVU1/OrQy/PbWE4GHk3SuNX6xgPE9l4JX32cLSerbo+VxVbqj8HMmx3UBwARAQAB tCtjb2RlLmxpdy5maSBhcmNoaXZlIGtleSAoMjAxNikgPGxpd0BsaXcuZmk+iQI3 BBMBCAAhBQJXZnD9AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEPBgIgES thwfZE0P/iy91NjmEecLelet4r+6HUYx0/0QvcAZbo0Xo/EI0h5WiEPib4/ZO86X VUiD7T36uXiHqwXKcfeiK3quORF2DeXybSNVeEEgKZ5sIIpCzRQ6HFV9pQPpHq2D USR9YGGrWSRR8zxVpl8Fp/51Fx52bwtFa4wYrHKEvA+Iy4tgMjMAukAPNgPAirUW WZoZ9Adq+aP/vRXmNoYYRwG310tOKeq1nXCviBIDUhscOdL4GP7vLoTQwILE4EV9 FbPPggthc/JkRjJ5jlU/m+Z3+Ol1cIS6xN7iZ6GDpTpN4JKPhsp4wf5GvxruLOZr hKju/5X56dge33nsL+QogGEfYQvC1GBQ03lUSUlwswDBfLYXAhDY7nxGsS1KWb0Z Q3HF88vptkbLzF2LwWx6IJVIgyQo9Laa4oPI1W3mqZOvNUpOnd/8HCIBV1XKrnI4 /2HG0ofg50DJWLpBU8/YdLJZQOldrcUtwoWSTV+3Ut4dwG4OXs63dd/jDgZx3TMK Gd5svO3dq6WlpnRvUUpxc4bf7STHj3wQoTsAAMBdKQ3AR94DQsIRomyZwJquVdas O4156ZM8zhyD71mGit4WQG2VQKhXbUU9MVO11bYJSCSf7zE7WCh3gGQmThIvZ0BL rL/cKWEu4zoXl7BWXll2JCpFD3/4t6lduWvXprb4tvJW/dFKnKyTiQIcBBABCAAG BQJXZngYAAoJEEThd0C4YR6cnKMP/0bZ6XW7rrjN6JlTFcRK2RZ5ys2ZBpyFC/fx gI8gDkbfIQDGUzhqep18/dRRN/AmU5J6v1OY8qyfZUKKxrxY2yJZIhLZDOsGKyrC iaV+mrrsKq4AsssbKsaExtsstVTmNvh1DRKj9wW+LBIUKiM8TbhD8ZlbOdoYIcF4 lwbjzAAp0sHels+3CyXqascS46R6EfKtfSAhTX22zBwfDM+ae/zqY1sB6uLnAvzo GGr+qrvHcfRibjo/XQSl+nGXB63aurT7r4hZoehxzJE8b3ByRtu6Ntls5SuGo8Zw d60dpi4PTTHMd9c75BS+K9Oiqdc1GSVB+dKHAoBy0HKNiCeYH2nqyjZleo2/c6Fu 87AROMgM15VfVgZRIT3DDS1VWwms6rTdJGZdzd1PQVxSbyahCgP4lacUHhEew3zB beUlSQ3SIlklcCfl6XpNrUecsqkhxgIuhQBbzS3W5wF2c/FeZ1CT8W1uH9nlys8m L25KVvlPAX4GF62XSmji0xysIQZjwZBeh6iG5FKgIR7GHZ6JF6M0csQmg6eYaNpw wYxDDis76yZQS5oas6OR6+VTeLkGrbL1fmPzWKViOu/mzpHTQD/K4wByuiryz+nd 5pCajq0YoHCgQulGD6aK0O100qkL2F4oGWFlrI0d1X2ZHLs0SCEGaBhYW24r64pa r7Fq6UGkuQINBFdmcP0BEAC09icQxw4HrCtPW/movnmd98AtN9zdFti0iQzrt3pw kyj8g8rQAgQL8MjkqOH5XgeHn00u/QtYNuQRVvH2m79Z3KKibLgXRyqMofkTvdc4 jPpNISgtOW8FG40CrA7gqQNbuVuFt+QBlhmZlT0cAfTA31cDtgPTqD+i7AolDVYV XKCoRhlgIL6UNSbQw7TODGVosTS700FiRSNk66l236hMXsh9qmTV4lx+oOwpWesf Li+QgNnPeMbFwcwdLLodYjMy+mDYalSj6lcJIMLbZrRumJ+1heE2uN/dKc8U41bx OcEvTwbBmgcnEJRSNz/Ds3bn/xy/jqoEH8iibzGc3VJ9q6f4hXyFxyUa7BRN4pug hD8vwUomEMjUK4eWvRVWs3cREloxshuYWU+OF1JAOzN2HPbahZdA/VzMzlA2+MAv M8Qqb8DWLwGmT2Cykc2OHMYe/G8Ow8f2sfI+UYuKY0A/TKeIwFs6d51fC2US5Va9 tiW3/gATucUN60ZSbYp9rjBuUy4EiKwQXyMgbHCgZUHFnkM4QmL2GreQ4oI2ci/N 0MXcKjtaI+hLUpjLjjy5aKAuueFuyKfjx52riXxdmT3s97/CKK9pFCavsyvKsTlC EGlSr2Gy6D/4PXZMtsW+vCYXtUVTNAUy+5NDEAI2tcBd6qX9/hy7ktVoI7ii+Lka 9QARAQABiQIfBBgBCAAJBQJXZnD9AhsMAAoJEPBgIgESthwfABcP/iXz9TDbz1GY vmWnY2UEQQuFYI8rTD0hQg9DZEKwuITanHT5Mz2Hejz5vumXSGNo9yM/8ph+kgoM C/aQWYIoVMr78yT+P55gK+N6kbwueOZnaSt5E3c337eVWoRKS2S1/IopQAsmzBjE xSm5EsUWdVxqarq47ahZEc6eZ6SzTfyivTG0x6t04hpMmDmPbdf1rMYV11+naGxo wgAPoTUvlo2u8PY2fIi5Ha1mkznUwGw5VVoq3J+kKjBxzV1pY3ww4uDHH0+v0N7r rju8yq+gt5Dgy93xfBuofIs7Vg33nu+NA65zQP53hlw52ZlA7E+xhzMemANyyA/I DSk2CGLLUX5d0d47kp8ljoYV1c+MYO2yAYVjlv96zw1N/TzqnQ6GABIhZfuOLbCt 09vLW16ZQ0svxe0BAKLqvkxDEOpTAGfaGhXFPaPgIaLXy8oOIrR7p+QnZ0OgL7JM ptop9rhnmay42INPTTCid+6QIQcEgl08MiAdfEw5VnyWHaqrb7tdZ0+tb8QPgxNx qQ2JhcTo10e3xef+o7332ScXOscyI+zVZWrfS6WELuPeRF7EekC2lIdtQ5XT3llL rL1ecHdp0fyZ+L5qKI87TNeOH2H+oKfGS2LcO7Pt4mFEJYLFaipGl5FpDWcD/ygW I6vynPxtaJhPiqIFtBOPSDsRl2/0HCqb =+DI2 -----END PGP PUBLIC KEY BLOCK----- # Configure Install a configuration at `/etc/qvisqve/qvisqve.yaml` with the following content: log: - filename: /var/log/qvisqve.log token-issuer: iss token-audience: aud token-public-key: ssh-rsa ... For now, any ssh public key will do for the `token-public-key`. # Run To run Qvisqve, run this command: /usr/bin/start_qvisqve After a few seconds, the 12765 port should be accepting requests: curl http://127.0.0.1:12765/version This should report the current Qvisqve version.