No project description provided
Project description
Jupyterhub SAML Auth
Authenticate your Jupyterhub users using SAML. This authenticator uses OneLogin's python3-saml package as a backend API for handling SAML authentication.
Installation
For now, install via pip and git
pip install git+https://github.com/ucsd-ets/jupyterhub-saml-auth.git
Configuration
See the jupyterhub_config.py example configuration below for how to integrate this package with jupyterhub
def extract_username(acs_handler, attributes):
email = attributes['email'][0]
username = email.split('@')[0]
return username
# The configuration path is for OneLogin's python3-saml package. This directory is where
# settings.json & advanced_settings.json go. See https://github.com/onelogin/python3-saml
# for more info about this
c.SAMLAuthenticator.saml_settings_path = '/app/etc'
# The cookies that your IdP uses for maintaining a login session. These will be cleared
# once the user hits 'logout'
c.SAMLAuthenticator.session_cookie_names = {'PHPSESSIDIDP', 'SimpleSAMLAuthTokenIdp'}
# Function that extracts the username from the SAML attributes.
c.SAMLAuthenticator.extract_username = extract_username
# register the SAML authenticator with jupyterhub
c.JupyterHub.authenticator_class = 'jupyterhub_saml_auth.SAMLAuthenticator'
Development
Prerequisite software
- docker
- docker compose
- python3
- Firefox or Chrome
Create a development environment
# at project root
python3 -m venv .
source bin/activate
pip install -r requirements.txt
# start the docker containers
docker compose up -d
Test the authentication process
The application and IdP runs as docker containers and bind to ports: 8000, 8443, and 8080. You can navigate to localhost:8000 in your browser to begin testing and to login via SAML, navigate to localhost:8000/hub/saml_login. The user registered in the IdP is user1 with password user1pass.
Kill your docker environment
To kill the docker containers, run the command docker compose down at the project root.
Run the automated tests
The commands below kick off a selenium end-to-end test that will test the full authentication and logout process.
# at project root
pytest tests --browser <firefox|chrome> # defaults to firefox
pytest tests --headless # no browser will be opened if passed --headless flag
References
https://github.com/onelogin/python3-saml
https://goteleport.com/blog/how-saml-authentication-works/
https://medium.com/@BoweiHan/elijd-single-sign-on-saml-and-single-logout-624efd5a224
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for jupyterhub_saml_auth-0.1.1.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | e0c9d9fc8bbfb5eeb692986c5e2475d4112d37f05933951b3d477349c658d61b |
|
| MD5 | 4b3bc3a60bf8b0e13a3272f6d76c2c88 |
|
| BLAKE2b-256 | 2174232cf6a9d85ceab7d83fc9876f77f4ff715147ed8928aaa18bcfc7a253b0 |
Hashes for jupyterhub_saml_auth-0.1.1-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 85a7930ef1e74739a078c2de21828d7fceb31872d9719dd8e467b58ce7531b78 |
|
| MD5 | fa75cf07324d3b9781e79ed90bc98eb3 |
|
| BLAKE2b-256 | 84523cdce3bbf54af9a47b1f1442cfaffbab4aa253a6583a1929227e9a2ae844 |
