AuthStack Setup

Once you have completed the manual or automated installation the next step is to install and configure AuthStack itself.

Within your browser, load the FQDN or IP of the server to load the AuthStack Installer.

You should be presented with the screen below. Click Install to proceed.


Step 1 - Licence Check

The next screen will require a valid licence to be entered.
You can obtain your existing licences or order new, from within your account on the Buckhill website.

Once the licence check passes you will be able to enter MySQL details. Please note that your licence must match the URL specified within NGINX and the DNS when installing AuthStack.


Step 2 - MySQL Details

Before continuing

  1. Ensure that you have created an empty database (e.g. authstack)
  2. You have setup a specific username and password for the new database, please do not use the root MySQL account

If you attempt to use a non-empty database, the installer will not let you continue.


If all checks pass, the installer will report a success message. You may then click to proceed to the user configuration.


Step 3 - Admin User

Please create a unique username which does not contain only admin or root


Your password must contain at least 1 lowercase letter, 1 uppercase letter, 1 number and be at least 8 characters long.

Once you have completed filling out the administration user account, click Create administrative user.

If the validation passes you will be presented with a success message.


Step 4 - Final Config

The final step requires configuration of the IdP module within AuthStack.

  • Entity ID: This is a globally unique name for the IdP, this can be the URL of your IdP or another name. The installer will default the entity ID to the URL.
  • Organisation Name: This is the name exposed by the IdP module to other third parties within the metadata.
  • Organisation URL: This is the URL to your main company website
  • Organisation Display Name: This is the name used within statements such as "Operated by...", "Owned by..."

The next set of questions covers signing information. We recommend you leave the default settings unless you have a specific requirement.

The last section covers the SSL key used to encrypt your SAML messages. AuthStack requires a private key and X.509 certificate. As the trust is established between two systems by exchanging metadata the SSL certificate may be self-signed without the need of a globally published and trusted Certificate Authority.

Generating a self-signed certificate is a simple process, from within your SSH terminal, locate the AuthStack base path and open the SSL folder.


Run the following command (replace example.org with your own FQDN):

Important: You must complete all the questions accurately, otherwise the installation process will fail as the SSL key is checked. The most important of which is the "Common Name", which asks for a FQDN. Please ensure this matches the URL you have setup for AuthStack.

openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out example.org.crt -keyout example.org.pem

See below for an example of the inputs


Once the SSL has been generated, run the following command to display the certificate and key inside the console:

cat example.org.crt

Next, copy paste the contents of the .crt file into the X.509 certificate box.

Return to the terminal and perform the same command, but this time for the .pem file.

cat example.org.pem

And finally, copy paste the contents of the .pem file into the Private Key box

If you have chosen to add a password to your SSL certificate, please enter that password within the Private key passphase input box.

Click Proceed and Install Authstack to complete the installation process.

Login to Admin

Once the installation completes, you will be presented with the login screen.

Click Login in order to proceed, enter your admin username and password.


Congratulations! You have completed the AuthStack installation.

Previous Article

Installing CLI tools

Next Article

Unattended Setup

We're happy to talk

Our offices are open 8.30am - 7pm GMT, Monday to Friday - but you can always contact us via email. When we receive your email during opening hours, we aim to respond within 30 minutes or less. Should your email reach us out of hours, we will contact you when the office re-opens.

You can contact us using live chat