KeyCloakAuthenticator: Authenticate JupyterHub users with KeyCloak and OIDC
Project description
KeyCloakAuthenticator
Authenticates users via SSO using OIDC
Requirements
- Jupyterhub
- oauthenticator
- PyJWT
Installation
pip install keycloakauthenticator
Usage
In your JupyterHub config file, set the authenticator and configure it:
# Enable the authenticator
c.JupyterHub.authenticator_class = 'keycloakauthenticator.KeyCloakAuthenticator'
c.KeyCloakAuthenticator.enable_auth_state = True
c.KeyCloakAuthenticator.username_key = 'preferred_username'
c.KeyCloakAuthenticator.logout_redirect_uri = 'https://cern.ch/swan'
c.KeyCloakAuthenticator.oauth_callback_url = 'https://swan.cern.ch/hub/oauth_callback'
# Retrieve the user uid from the token
def get_uid_hook(spawner, auth_state):
spawner.user_uid = auth_state['oauth_user']['cern_uid']
c.KeyCloakAuthenticator.get_uid_hook = get_uid_hook
# Specify the issuer url, to get all the endpoints automatically from .well-known/openid-configuration
c.KeyCloakAuthenticator.oidc_issuer = 'https://auth.cern.ch/auth/realms/cern'
# Only allow users with this specific roles (none, to allow all)
c.KeyCloakAuthenticator.accepted_roles = set()
# Specify the role to set a user as admin
c.KeyCloakAuthenticator.admin_role = 'swan-admin'
It's also necessary to configure the Client ID and secret. One way of doing this is by setting the following environment variables:
OAUTH_CLIENT_ID=my_id
OAUTH_CLIENT_SECRET=my_secret
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Close
Hashes for keycloakauthenticator-0.0.1.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | ef7bd0c5987d1e5c67e9c648e16e7ad896ca4c6a076032aadd4937d205e6cf3c |
|
MD5 | b2b4113bc4a9df8176f54ceca04a90b6 |
|
BLAKE2b-256 | 14091e0fdaded5ec771f5ab1f1cc88895af20d221893dd243e74ef7617386af0 |
Close
Hashes for keycloakauthenticator-0.0.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 6c8aaf99063ccb75a4028506500e7be3b64dd5f0f7877adacffdacbc7d13676f |
|
MD5 | 6ff62b912ca19c353c2c350a41ad8fa7 |
|
BLAKE2b-256 | 5d5a44dd47837e2d5025557951c2cb08852b977da9513b9d10d61a371795bba1 |