Skip to main content

No project description provided

Project description

https://travis-ci.org/rasmunk/jhub-authenticators.svg?branch=master

Jupyterhub Authenticators

Authenticate to Jupyterhub using an authenticating proxy that can set the Remote-User header. Also supports for passing additional information to the jupyter user. This includes a list of user defined /data headers.

Installation

Installation from pypi:

pip install jhub-authenticators

Installation from local git repository:

cd jhub-authenticators
pip install .

Configuration

You should edit your jupyterhub_config.py config file to set the authenticator class:

c.JupyterHub.authenticator_class = 'jhubauthenticators.RemoteUserAuthenticator'

You should be able to start jupyterhub. The “/login” resource will look for the authenticated user name in the HTTP header “Remote-User”. If found, and not blank, you will be logged in as that user.

Alternatively, you can use RemoteUserLocalAuthenticator:

c.JupyterHub.authenticator_class = 'jhubauthenticators.RemoteUserLocalAuthenticator'

This provides the same authentication functionality but is derived from LocalAuthenticator and therefore provides features such as the ability to add local accounts through the admin interface if configured to do so.

Dummy Authentication

Provides an option for testing JupyterHub authentication with a dummy authenticator that can have a global preset password for any account:

c.JupyterHub.authenticator_class = 'jhubauthenticators.DummyAuthenticator'
c.DummyAuthenticator.password = 'password'

Note! Don’t use in production.

Remote User Authentication extended with user-defined headers

Provides the capability to supply the jupyterhub user with additional state information via the /data path. This adds two base request paths to the jupyterhub web application:

'/login' -> requires a non empty Remote-User header
'/data' -> requires both an authenticated request and a valid configured header

Before information can be passed to the user via the ‘/data’ path, a list of valid headers is required. These preset valid headers are then upon a POST request to the ‘/data’ URl appended to the current authenticated jupyterhub user data dictionary. I.e. user.data[Header] = HeaderValue

The extended authenticator can be activated by setting the following option in the jupyterhub config file:

c.JupyterHub.authenticator_class = 'jhubauthenticators.DataRemoteUserAuthenticator'
# Making 'State' a valid header to pass to /data
c.DataRemoteUserAuthenticator.data_headers = ['State']

Beyond providing the custom header possibility, the authenticator also by default encodes the Remote-User header with ‘b32encode’. The authenticator therefore also provides the possibility of storing the actual value for debugging purposes in the user.real_name variable via the jupyterhub auth_state mechanism of passing information to the spawner as noted at Authenticators.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

jhub-authenticators-0.1.0.tar.gz (5.2 kB view hashes)

Uploaded Source

Built Distribution

jhub_authenticators-0.1.0-py3-none-any.whl (5.7 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page