summaryrefslogtreecommitdiff
path: root/doc/config.mdwn
blob: e803597cebda033e066825e6f953df792b96f56c (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111

---
title: "Configuring Qvisqve, an authorization server"
author: QvarnLabs Ab
date: work-in-progress
...

# Introduction

This document explains how to configure Qvisqve, which is an
authorization server and identity provider.

# Installation

Install Qvisqve from a Debian package. There is one at 
<http://code.liw.fi/debian/pool/main/s/qvisqve/>. Add the following
line to the APT sources list:

  - deb http://code.liw.fi/debian stretch main

The `code.liw.fi-keyring` package from that repository has a keyring
package that installs the archive signing key for APT. For the initial
install, the current key is:

    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v2

    mQINBFdmcP0BEAC3OQtAVwWsolyXsMSo4nhupzUvGwqcC1PFQIKY2guM82PIJxil
    Zfz+KXiyGi5bWbmtpgQEkfd964RXulT1Epa/NQ8NdCnDDVLYlsWBdBMLl7o6lIJP
    NEnCt12fFHMaOf5m5GACE+dRnww2eKrrdrSTaY0whbGm+ouy/yFujsFxX9bpFb+U
    bpVKbrl+UYGiUgCO4uVYvgsSNYYif9gWrpXaQ1Kq0XohAvMChP7Qp2VmDpGueGsm
    A0WfiTBlTc5E4UTZ12YESDOlmS468WVrCdmEI3NbAzcP4Glp1CxUGCv7dG5a4NDT
    BVtHbO3Q//RlSnxtMVE3rTdoymKr/Zh4TtkIZzV8YDj0cZ++WlzBbtBxQ9zfcNQh
    rtCfklDQweazUUdI0Xg+OEJ7qSbqTWyUM9sNavNy7sRIgMaFQeQbO/U3D72YsaE7
    66lqgJQbaz1ZtCi7r4iLV/2Zgl11gEktszPw7D6KcU7Ec8l+zt9c+JIbORfrEzZu
    8ojIPMHHLXi3riKWbG3sUm9NR01MCu32Rqio4n0JCn/xGAKLcCSeb2sW7CV51oSE
    MtlBErWg04Zd4c3WQR14acN9l7UxgP66jTfX8cV/994JtJDeGGlCvNp24QjUbMET
    cVU1/OrQy/PbWE4GHk3SuNX6xgPE9l4JX32cLSerbo+VxVbqj8HMmx3UBwARAQAB
    tCtjb2RlLmxpdy5maSBhcmNoaXZlIGtleSAoMjAxNikgPGxpd0BsaXcuZmk+iQI3
    BBMBCAAhBQJXZnD9AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEPBgIgES
    thwfZE0P/iy91NjmEecLelet4r+6HUYx0/0QvcAZbo0Xo/EI0h5WiEPib4/ZO86X
    VUiD7T36uXiHqwXKcfeiK3quORF2DeXybSNVeEEgKZ5sIIpCzRQ6HFV9pQPpHq2D
    USR9YGGrWSRR8zxVpl8Fp/51Fx52bwtFa4wYrHKEvA+Iy4tgMjMAukAPNgPAirUW
    WZoZ9Adq+aP/vRXmNoYYRwG310tOKeq1nXCviBIDUhscOdL4GP7vLoTQwILE4EV9
    FbPPggthc/JkRjJ5jlU/m+Z3+Ol1cIS6xN7iZ6GDpTpN4JKPhsp4wf5GvxruLOZr
    hKju/5X56dge33nsL+QogGEfYQvC1GBQ03lUSUlwswDBfLYXAhDY7nxGsS1KWb0Z
    Q3HF88vptkbLzF2LwWx6IJVIgyQo9Laa4oPI1W3mqZOvNUpOnd/8HCIBV1XKrnI4
    /2HG0ofg50DJWLpBU8/YdLJZQOldrcUtwoWSTV+3Ut4dwG4OXs63dd/jDgZx3TMK
    Gd5svO3dq6WlpnRvUUpxc4bf7STHj3wQoTsAAMBdKQ3AR94DQsIRomyZwJquVdas
    O4156ZM8zhyD71mGit4WQG2VQKhXbUU9MVO11bYJSCSf7zE7WCh3gGQmThIvZ0BL
    rL/cKWEu4zoXl7BWXll2JCpFD3/4t6lduWvXprb4tvJW/dFKnKyTiQIcBBABCAAG
    BQJXZngYAAoJEEThd0C4YR6cnKMP/0bZ6XW7rrjN6JlTFcRK2RZ5ys2ZBpyFC/fx
    gI8gDkbfIQDGUzhqep18/dRRN/AmU5J6v1OY8qyfZUKKxrxY2yJZIhLZDOsGKyrC
    iaV+mrrsKq4AsssbKsaExtsstVTmNvh1DRKj9wW+LBIUKiM8TbhD8ZlbOdoYIcF4
    lwbjzAAp0sHels+3CyXqascS46R6EfKtfSAhTX22zBwfDM+ae/zqY1sB6uLnAvzo
    GGr+qrvHcfRibjo/XQSl+nGXB63aurT7r4hZoehxzJE8b3ByRtu6Ntls5SuGo8Zw
    d60dpi4PTTHMd9c75BS+K9Oiqdc1GSVB+dKHAoBy0HKNiCeYH2nqyjZleo2/c6Fu
    87AROMgM15VfVgZRIT3DDS1VWwms6rTdJGZdzd1PQVxSbyahCgP4lacUHhEew3zB
    beUlSQ3SIlklcCfl6XpNrUecsqkhxgIuhQBbzS3W5wF2c/FeZ1CT8W1uH9nlys8m
    L25KVvlPAX4GF62XSmji0xysIQZjwZBeh6iG5FKgIR7GHZ6JF6M0csQmg6eYaNpw
    wYxDDis76yZQS5oas6OR6+VTeLkGrbL1fmPzWKViOu/mzpHTQD/K4wByuiryz+nd
    5pCajq0YoHCgQulGD6aK0O100qkL2F4oGWFlrI0d1X2ZHLs0SCEGaBhYW24r64pa
    r7Fq6UGkuQINBFdmcP0BEAC09icQxw4HrCtPW/movnmd98AtN9zdFti0iQzrt3pw
    kyj8g8rQAgQL8MjkqOH5XgeHn00u/QtYNuQRVvH2m79Z3KKibLgXRyqMofkTvdc4
    jPpNISgtOW8FG40CrA7gqQNbuVuFt+QBlhmZlT0cAfTA31cDtgPTqD+i7AolDVYV
    XKCoRhlgIL6UNSbQw7TODGVosTS700FiRSNk66l236hMXsh9qmTV4lx+oOwpWesf
    Li+QgNnPeMbFwcwdLLodYjMy+mDYalSj6lcJIMLbZrRumJ+1heE2uN/dKc8U41bx
    OcEvTwbBmgcnEJRSNz/Ds3bn/xy/jqoEH8iibzGc3VJ9q6f4hXyFxyUa7BRN4pug
    hD8vwUomEMjUK4eWvRVWs3cREloxshuYWU+OF1JAOzN2HPbahZdA/VzMzlA2+MAv
    M8Qqb8DWLwGmT2Cykc2OHMYe/G8Ow8f2sfI+UYuKY0A/TKeIwFs6d51fC2US5Va9
    tiW3/gATucUN60ZSbYp9rjBuUy4EiKwQXyMgbHCgZUHFnkM4QmL2GreQ4oI2ci/N
    0MXcKjtaI+hLUpjLjjy5aKAuueFuyKfjx52riXxdmT3s97/CKK9pFCavsyvKsTlC
    EGlSr2Gy6D/4PXZMtsW+vCYXtUVTNAUy+5NDEAI2tcBd6qX9/hy7ktVoI7ii+Lka
    9QARAQABiQIfBBgBCAAJBQJXZnD9AhsMAAoJEPBgIgESthwfABcP/iXz9TDbz1GY
    vmWnY2UEQQuFYI8rTD0hQg9DZEKwuITanHT5Mz2Hejz5vumXSGNo9yM/8ph+kgoM
    C/aQWYIoVMr78yT+P55gK+N6kbwueOZnaSt5E3c337eVWoRKS2S1/IopQAsmzBjE
    xSm5EsUWdVxqarq47ahZEc6eZ6SzTfyivTG0x6t04hpMmDmPbdf1rMYV11+naGxo
    wgAPoTUvlo2u8PY2fIi5Ha1mkznUwGw5VVoq3J+kKjBxzV1pY3ww4uDHH0+v0N7r
    rju8yq+gt5Dgy93xfBuofIs7Vg33nu+NA65zQP53hlw52ZlA7E+xhzMemANyyA/I
    DSk2CGLLUX5d0d47kp8ljoYV1c+MYO2yAYVjlv96zw1N/TzqnQ6GABIhZfuOLbCt
    09vLW16ZQ0svxe0BAKLqvkxDEOpTAGfaGhXFPaPgIaLXy8oOIrR7p+QnZ0OgL7JM
    ptop9rhnmay42INPTTCid+6QIQcEgl08MiAdfEw5VnyWHaqrb7tdZ0+tb8QPgxNx
    qQ2JhcTo10e3xef+o7332ScXOscyI+zVZWrfS6WELuPeRF7EekC2lIdtQ5XT3llL
    rL1ecHdp0fyZ+L5qKI87TNeOH2H+oKfGS2LcO7Pt4mFEJYLFaipGl5FpDWcD/ygW
    I6vynPxtaJhPiqIFtBOPSDsRl2/0HCqb
    =+DI2
    -----END PGP PUBLIC KEY BLOCK-----

# Configure

Install a configuration at `/etc/qvisqve/qvisqve.yaml` with the
following content:

    log: 
      - filename: /var/log/qvisqve.log
    token-issuer: iss
    token-audience: aud
    token-public-key: ssh-rsa ...

For now, any ssh public key will do for the `token-public-key`.

# Run

To run Qvisqve, run this command:

    /usr/bin/start_qvisqve

After a few seconds, the 12765 port should be accepting requests:

    curl http://127.0.0.1:12765/version

This should report the current Qvisqve version.
generated by cgit v1.2.1 (git 2.18.0) at 2024-05-06 15:01:49 +0000