diff --git a/docker-compose.yml b/docker-compose.yml
index e65ac87..a779dad 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -37,15 +37,5 @@ services:
 - /var/run/docker.sock:/var/run/docker.sock
 restart: on-failure
- oauth2_server:
- image: defeo/cas2oauth2bridge
- container_name: c2o2b
- volumes:
- - ./oauth2/config.js:/home/node/config.js
- labels:
- - "traefik.enable=true"
- - "traefik.frontend.rule=Host:jupyter.ens.uvsq.fr;PathPrefixStrip:/c2o2b/"
- restart: on-failure
-
 volumes:
 jupyterhub_data:
diff --git a/jupyterhub/Dockerfile b/jupyterhub/Dockerfile
index bfd9f75..0e81c33 100644
--- a/jupyterhub/Dockerfile
+++ b/jupyterhub/Dockerfile
@@ -6,4 +6,4 @@ RUN wget https://raw.githubusercontent.com/jupyterhub/jupyterhub/0.9.3/examples/
 RUN pip install \
 dockerspawner==0.10.0 \
- oauthenticator==0.8.0
+ jhub_cas_authenticator==1.0.0
diff --git a/jupyterhub/jupyterhub_config.py b/jupyterhub/jupyterhub_config.py
index 687e1aa..baf0ff5 100644
--- a/jupyterhub/jupyterhub_config.py
+++ b/jupyterhub/jupyterhub_config.py
@@ -3,27 +3,18 @@ c.Spawner.default_url = '/lab'
 ## Authenticator
-from oauthenticator.oauth2 import OAuthLoginHandler
-from oauthenticator.generic import GenericOAuthenticator
-from tornado.auth import OAuth2Mixin
-
-class UVSQMixin(OAuth2Mixin):
- _OAUTH_AUTHORIZE_URL = 'https://jupyter.ens.uvsq.fr/c2o2b/login'
- _OAUTH_ACCESS_TOKEN_URL = 'https://jupyter.ens.uvsq.fr/c2o2b/token'
-
-class UVSQLoginHandler(OAuthLoginHandler, UVSQMixin):
- pass
-
-class UVSQAuthenticator(GenericOAuthenticator):
- login_service = 'UVSQ'
- login_handler = UVSQLoginHandler
- client_id = '0'
- client_secret = ''
- userdata_url = 'https://jupyter.ens.uvsq.fr/c2o2b/userdata'
- token_url = 'https://jupyter.ens.uvsq.fr/c2o2b/token'
- oauth_callback_url = 'https://jupyter.ens.uvsq.fr/hub/oauth_callback'
-
-c.JupyterHub.authenticator_class = UVSQAuthenticator
+from jhub_cas_authenticator.cas_auth import CASAuthenticator
+c.JupyterHub.authenticator_class = CASAuthenticator
+
+# The CAS URLs to redirect (un)authenticated users to.
+c.CASAuthenticator.cas_login_url = 'https://cas.uvsq.fr/login'
+c.CASLocalAuthenticator.cas_logout_url = 'https://cas.uvsq/logout'
+
+# The CAS endpoint for validating service tickets.
+c.CASAuthenticator.cas_service_validate_url = 'https://cas.uvsq.fr/serviceValidate'
+
+# The service URL the CAS server will redirect the browser back to on successful authentication.
+c.CASAuthenticator.cas_service_url = 'https://sage.prism.uvsq.fr/hub/login'
 c.Authenticator.admin_users = { 'lucadefe' }
diff --git a/oauth2/config.js b/oauth2/config.js
deleted file mode 100644
index 935858e..0000000
--- a/oauth2/config.js
+++ /dev/null
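Review bot: The logout URL on the added line `c.CASLocalAuthenticator.cas_logout_url = 'https://cas.uvsq/logout'` is attached to `CASLocalAuthenticator`, while the class installed just above it is `CASAuthenticator`, and its host reads `cas.uvsq` where the other CAS URLs in this hunk use `cas.uvsq.fr`. traitlets applies a config section to the named class and its subclasses only, so unless `CASAuthenticator` derives from `CASLocalAuthenticator` this value is probably never read, and a hub logout would then leave the CAS single sign-on session alive for the next person at the same browser. I would write `c.CASAuthenticator.cas_logout_url = 'https://cas.uvsq.fr/logout'`. It is also worth confirming that `cas_service_url` is meant to point at `sage.prism.uvsq.fr` rather than the `jupyter.ens.uvsq.fr` host the removed callback used, since CAS validates the ticket against that exact service string.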
@@ -1,41 +0,0 @@
-module.exports = {
- // The URL where the OAuth2 server will respond
- appURL: "https://jupyter.ens.uvsq.fr/c2o2b",
- // The port to bind to
- port: process.env.PORT,
-
- // The endpoints of the CAS server (v1.0) to authenticate to
- cas: {
- entryPoint: "https://cas.uvsq.fr/login",
- validate: "https://cas.uvsq.fr/serviceValidate",
- },
- // The endpoint of the SAML server (v2.0) to authenticate to
- saml: {
- entryPoint: "https://cas.uvsq.fr/login",
- issuer: "cas2oauth2bridge",
- },
-
- // The cipher used to encrypt cookies
- crypto: {
- // Authenticated encryption mode
- algorithm: "aes-256-gcm",
- // If initialized to zero, like here, a random key will be
- // generated at startup (hence, cookies will not survive
- // reboot).
- key: Buffer.alloc(32),
- ivlen: 16,
- },
-
- // Definition of the services
- oauth: {
- // Expiration time of authentication cookies
- tokenLifetime: 24*60*60,
- // The services allowed to authenticate to this server
- clients: {
- "0": {
- secret: null,
- redirectUri: new RegExp('^https://jupyter\\.ens\\.uvsq\\.fr/'),
- },
- },
- },
-}