In your browser, open the FQDN or IP address of the server to load the AuthStack Installer.
You should be presented with the screen below. Click Install to proceed.
Step 1 - Licence Check
The next screen will require a valid licence to be entered.
You can obtain your existing licences, or order new ones, from within your account on the Buckhill website.
Once the licence check passes you will be able to enter MySQL details. Please note that your licence must match the URL specified within NGINX and the DNS when installing AuthStack.
Step 2 - MySQL Details
- Ensure that you have created an empty database (e.g. authstack)
- Ensure that you have set up a specific username and password for the new database. Please do not use the root MySQL account.
If you attempt to use a non-empty database, the installer will not let you continue.
If all checks pass, the installer will report a success message. You may then click to proceed to the user configuration.
Step 3 - Admin User
Please create a unique username which does not consist only of admin or root.
Your password must contain at least 1 lowercase letter, 1 uppercase letter, 1 number and be at least 8 characters long.
Once you have completed filling out the administration user account, click Create administrative user.
If the validation passes you will be presented with a success message.
Step 4 - Final Config
The final step requires configuration of the IdP module within AuthStack.
- Entity ID: This is a globally unique name for the IdP. It can be the URL of your IdP or another name. The installer will default the entity ID to the URL.
- Organisation Name: This is the name exposed by the IdP module to other third parties within the metadata.
- Organisation URL: This is the URL to your main company website.
- Organisation Display Name: This is the name used within statements such as "Operated by...", "Owned by..."
The next set of questions covers signing information. We recommend you leave the default settings unless you have a specific requirement.
The last section covers the SSL key used to encrypt your SAML messages. AuthStack requires a private key and X.509 certificate. As the trust is established between two systems by exchanging metadata, the SSL certificate may be self-signed without the need of a globally published and trusted Certificate Authority.
Generating a self-signed certificate is a simple process. From within your SSH terminal, locate the AuthStack base path and open the SSL folder.
Run the following command (replace example.org with your own FQDN):
openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out example.org.crt -keyout example.org.pem
Important: You must answer all the questions accurately, otherwise the installation process will fail, as the SSL key is checked. The most important of these is the "Common Name", which asks for an FQDN. Please ensure this matches the URL you have set up for AuthStack.
See below for an example of the inputs
Once the SSL certificate and key have been generated, run the following command to display the certificate and key inside the console:
Next, copy and paste the contents of the .crt file into the X.509 certificate box.
Return to the terminal and perform the same command, but this time for the .pem file.
And finally, copy and paste the contents of the .pem file into the Private Key box.
If you have chosen to add a password to your SSL certificate, please enter that password within the Private key passphrase input box.
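Because the installer checks the SSL key and rejects a mismatch, the pair can be checked from the same terminal before it is pasted in. The script below is an added example, not part of AuthStack or of the original guide; check_saml_pair and its return codes are hypothetical names, and it assumes an unencrypted key as produced by the -nodes option above.

```shell
#!/bin/sh
# Added example: pre-flight checks on the certificate/key pair created by the
# openssl req command. check_saml_pair is a hypothetical helper (an assumption),
# not an AuthStack tool.
# Usage: check_saml_pair <fqdn> <certificate.crt> <private-key.pem>
# Returns 0 when every check passes, otherwise a distinct code per failure.
check_saml_pair() {
    fqdn=$1 crt=$2 key=$3

    # Read the subject in RFC 2253 form, e.g. "subject=CN=example.org,O=...".
    subject=$(openssl x509 -in "$crt" -noout -subject -nameopt RFC2253) || return 2
    cn=$(printf '%s\n' "$subject" | sed -n 's/.*CN=\([^,+]*\).*/\1/p')

    # Host names are case-insensitive, so compare in lower case.
    want=$(printf '%s' "$fqdn" | tr '[:upper:]' '[:lower:]')
    have=$(printf '%s' "$cn" | tr '[:upper:]' '[:lower:]')
    if [ "$have" != "$want" ]; then
        echo "Common Name '$cn' does not match '$fqdn'" >&2
        return 3
    fi

    # The private key must belong to the certificate: export both public
    # keys as PEM and compare them as text.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout) || return 2
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match the certificate" >&2
        return 4
    fi

    # -checkend 0 fails if the certificate has already expired.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null; then
        echo "certificate has expired" >&2
        return 5
    fi

    # -nodes leaves the key unencrypted on disk, so it should carry no
    # group/other permission bits (characters 5-10 of the ls mode string).
    perms=$(ls -lL "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "private key is accessible to group/other; run: chmod 600 $key" >&2
        return 6
    fi

    echo "OK: CN=$cn, key matches certificate, not expired"
}

# Run the checks when the script is called with three arguments.
if [ "$#" -eq 3 ]; then check_saml_pair "$@"; fi
```

Return codes: 2 for an unreadable file, 3 for a Common Name mismatch, 4 for a key that does not belong to the certificate, 5 for an expired certificate, 6 for loose key permissions.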
Click Proceed and Install AuthStack to complete the installation process.
Login to Admin
Once the installation completes, you will be presented with the login screen.
Click Login to proceed, then enter your admin username and password.
Congratulations! You have completed the AuthStack installation.