No project description provided
Project description
Jupyterhub SAML Auth
Authenticate your Jupyterhub users using SAML. This authenticator uses OneLogin's python3-saml package as a backend API for handling SAML authentication.
Installation
For now, install via pip and git
pip install git+https://github.com/ucsd-ets/jupyterhub-saml-auth.git
Configuration
See the jupyterhub_config.py
example configuration below for how to integrate this package with jupyterhub
def extract_username(acs_handler, attributes):
email = attributes['email'][0]
username = email.split('@')[0]
return username
# The configuration path is for OneLogin's python3-saml package. This directory is where
# settings.json & advanced_settings.json go. See https://github.com/onelogin/python3-saml
# for more info about this
c.SAMLAuthenticator.saml_settings_path = '/app/etc'
# The cookies that your IdP uses for maintaining a login session. These will be cleared
# once the user hits 'logout'
c.SAMLAuthenticator.session_cookie_names = {'PHPSESSIDIDP', 'SimpleSAMLAuthTokenIdp'}
# Function that extracts the username from the SAML attributes.
c.SAMLAuthenticator.extract_username = extract_username
# register the SAML authenticator with jupyterhub
c.JupyterHub.authenticator_class = 'jupyterhub_saml_auth.SAMLAuthenticator'
Development
Prerequisite software
- docker
- docker compose
- python3
- Firefox or Chrome
Create a development environment
# at project root
python3 -m venv .
source bin/activate
pip install -r requirements.txt
# start the docker containers
docker compose up -d
Test the authentication process
The application and IdP runs as docker containers and bind to ports: 8000, 8443, and 8080. You can navigate to localhost:8000
in your browser to begin testing and to login via SAML, navigate to localhost:8000/hub/saml_login
. The user registered in the IdP is user1
with password user1pass
.
Kill your docker environment
To kill the docker containers, run the command docker compose down
at the project root.
Run the automated tests
The commands below kick off a selenium end-to-end test that will test the full authentication and logout process.
# at project root
pytest tests --browser <firefox|chrome> # defaults to firefox
pytest tests --headless # no browser will be opened if passed --headless flag
References
https://github.com/onelogin/python3-saml
https://goteleport.com/blog/how-saml-authentication-works/
https://medium.com/@BoweiHan/elijd-single-sign-on-saml-and-single-logout-624efd5a224
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for jupyterhub_saml_auth-0.1.1.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | e0c9d9fc8bbfb5eeb692986c5e2475d4112d37f05933951b3d477349c658d61b |
|
MD5 | 4b3bc3a60bf8b0e13a3272f6d76c2c88 |
|
BLAKE2b-256 | 2174232cf6a9d85ceab7d83fc9876f77f4ff715147ed8928aaa18bcfc7a253b0 |
Hashes for jupyterhub_saml_auth-0.1.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 85a7930ef1e74739a078c2de21828d7fceb31872d9719dd8e467b58ce7531b78 |
|
MD5 | fa75cf07324d3b9781e79ed90bc98eb3 |
|
BLAKE2b-256 | 84523cdce3bbf54af9a47b1f1442cfaffbab4aa253a6583a1929227e9a2ae844 |