KeyCloakAuthenticator: Authenticate JupyterHub users with KeyCloak and OIDC
Project description
KeyCloakAuthenticator
Authenticates users via SSO using OIDC
Requirements
- Jupyterhub
- oauthenticator
- PyJWT
Installation
pip install keycloakauthenticator
Usage
In your JupyterHub config file, set the authenticator and configure it:
# Enable the authenticator
c.JupyterHub.authenticator_class = 'keycloakauthenticator.KeyCloakAuthenticator'
c.KeyCloakAuthenticator.enable_auth_state = True
c.KeyCloakAuthenticator.username_key = 'preferred_username'
c.KeyCloakAuthenticator.logout_redirect_uri = 'https://cern.ch/swan'
c.KeyCloakAuthenticator.oauth_callback_url = 'https://swan.cern.ch/hub/oauth_callback'
# Retrieve the user uid from the token
def get_uid_hook(spawner, auth_state):
spawner.user_uid = auth_state['oauth_user']['cern_uid']
c.KeyCloakAuthenticator.get_uid_hook = get_uid_hook
# Specify the issuer url, to get all the endpoints automatically from .well-known/openid-configuration
c.KeyCloakAuthenticator.oidc_issuer = 'https://auth.cern.ch/auth/realms/cern'
# Only allow users with this specific roles (none, to allow all)
c.KeyCloakAuthenticator.accepted_roles = set()
# Specify the role to set a user as admin
c.KeyCloakAuthenticator.admin_role = 'swan-admin'
It's also necessary to configure the Client ID and secret. One way of doing this is by setting the following environment variables:
OAUTH_CLIENT_ID=my_id
OAUTH_CLIENT_SECRET=my_secret
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Close
Hashes for keycloakauthenticator-0.0.2.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | c130774ac66eea984ee7109739c3ae530cb7c1501e4b207830190f904b24ab6a |
|
MD5 | 986cc9658ba64954527a631316ba5294 |
|
BLAKE2b-256 | ab413feb44aa08549d32c5b4c22f3361963b183ad09a55bbc35d7d1d3098ec63 |
Close
Hashes for keycloakauthenticator-0.0.2-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | ec8d8bcabc9196f183b98f46dcb7ffdc28b4d1d09d8bc80eac28e1588ba2439d |
|
MD5 | c421d9730bc053fbdc6180c4cc069601 |
|
BLAKE2b-256 | d0a415dc709bad926abe60e0d3a1ce9f5ad85522fea355504ce00f667631642b |