Added OAuth2 bridge, made configuration more portable
root committed Sep 27, 2018
1 parent 0dbde05 commit c3a8ca9
Showing 5 changed files with 69 additions and 10 deletions.
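--- a/.env
+++ b/.env
@@ -0,0 +1 @@
+COMPOSE_PROJECT_NAME=jupyterhub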
21 changes: 18 additions & 3 deletions docker-compose.yml
@@ -3,22 +3,27 @@ version: '3'
services:
jupyterhub:
build: jupyterhub
image: jupyterhub_img
container_name: jupyterhub
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- jupyterhub_data:/srv/jupyterhub
environment:
DOCKER_JUPYTER_CONTAINER: root_jupyterlab
DOCKER_NETWORK_NAME: root_default
DOCKER_JUPYTER_CONTAINER: jupyterlab_img
DOCKER_NETWORK_NAME: ${COMPOSE_PROJECT_NAME}_default
HUB_IP: jupyterhub
labels:
- "traefik.enable=true"
- "traefik.hub.frontend.rule=Host:jupyter.ens.uvsq.fr"
- "traefik.frontend.rule=Host:jupyter.ens.uvsq.fr"
restart: on-failure

jupyterlab:
build: jupyterlab
image: jupyterlab_img
container_name: jupyterlab-throaway
network_mode: none
command: echo

reverse-proxy:
image: traefik
container_name: reverse-proxy
@@ -32,5 +37,15 @@ services:
- /var/run/docker.sock:/var/run/docker.sock
restart: on-failure

oauth2_server:
image: defeo/cas2oauth2bridge
container_name: c2o2b
volumes:
- ./oauth2/config.js:/home/node/config.js
labels:
- "traefik.enable=true"
- "traefik.frontend.rule=Host:jupyter.ens.uvsq.fr;PathPrefixStrip:/c2o2b/"
restart: on-failure

volumes:
jupyterhub_data:
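Review bot: The `oauth2_server` service added in the second hunk references `defeo/cas2oauth2bridge` with no tag or digest, so each pull resolves to whatever `latest` is at that moment, and this container is the one that handles logins for the hub. Pinning it, e.g. `image: defeo/cas2oauth2bridge@sha256:<digest-placeholder>`, makes the deployed authentication code reproducible and reviewable. The config bind mount can also be read-only, `- ./oauth2/config.js:/home/node/config.js:ro`, assuming the bridge only reads that file (confirm it never writes to the path).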
10 changes: 5 additions & 5 deletions jupyterhub/jupyterhub_config.py
@@ -8,19 +8,19 @@
from tornado.auth import OAuth2Mixin

class UVSQMixin(OAuth2Mixin):
_OAUTH_AUTHORIZE_URL = 'https://keats.prism.uvsq.fr/oauth2/login'
_OAUTH_ACCESS_TOKEN_URL = 'https://keats.prism.uvsq.fr/oauth2/token'
_OAUTH_AUTHORIZE_URL = 'https://jupyter.ens.uvsq.fr/c2o2b/login'
_OAUTH_ACCESS_TOKEN_URL = 'https://jupyter.ens.uvsq.fr/c2o2b/token'

class UVSQLoginHandler(OAuthLoginHandler, UVSQMixin):
pass

class UVSQAuthenticator(GenericOAuthenticator):
login_service = 'UVSQ'
login_handler = UVSQLoginHandler
client_id = '1'
client_id = '0'
client_secret = ''
userdata_url = 'https://keats.prism.uvsq.fr/oauth2/userdata'
token_url = 'https://keats.prism.uvsq.fr/oauth2/token'
userdata_url = 'https://jupyter.ens.uvsq.fr/c2o2b/userdata'
token_url = 'https://jupyter.ens.uvsq.fr/c2o2b/token'
oauth_callback_url = 'https://jupyter.ens.uvsq.fr/hub/oauth_callback'

c.JupyterHub.authenticator_class = UVSQAuthenticator
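Review bot: `client_secret = ''` stays empty while the endpoints are repointed at the new bridge, and the matching client `"0"` in oauth2/config.js is registered with `secret: null`, so the token exchange does not appear to authenticate the hub as a client. Consider setting a secret on both sides and reading it from the environment rather than from the file, e.g. `client_secret = os.environ['OAUTH_CLIENT_SECRET']` (the variable name is a placeholder, and whether `os` is imported is not visible because the hunk starts at line 8). The hostname `jupyter.ens.uvsq.fr` is also still hard-coded in every URL here, which sits oddly with the portability goal in the commit title.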
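--- a/oauth2/config.js
+++ b/oauth2/config.js
@@ -0,0 +1,41 @@
+module.exports = {
+// The URL where the OAuth2 server will respond
+appURL: "https://jupyter.ens.uvsq.fr/c2o2b",
+// The port to bind to
+port: process.env.PORT,
+
+// The endpoints of the CAS server (v1.0) to authenticate to
+cas: {
+entryPoint: "https://cas.uvsq.fr/login",
+validate: "https://cas.uvsq.fr/serviceValidate",
+},
+// The endpoint of the SAML server (v2.0) to authenticate to
+saml: {
+entryPoint: "https://cas.uvsq.fr/login",
+issuer: "cas2oauth2bridge",
+},
+
+// The cipher used to encrypt cookies
+crypto: {
+// Authenticated encryption mode
+algorithm: "aes-256-gcm",
+// If initialized to zero, like here, a random key will be
+// generated at startup (hence, cookies will not survive
+// reboot).
+key: Buffer.alloc(32),
+ivlen: 16,
+},
+
+// Definition of the services
+oauth: {
+// Expiration time of authentication cookies
+tokenLifetime: 24*60*60,
+// The services allowed to authenticate to this server
+clients: {
+"0": {
+secret: null,
+redirectUri: new RegExp('^https://jupyter\\.ens\\.uvsq\\.fr/'),
+},
+},
+},
+}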
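Review bot: The `redirectUri` pattern for client `"0"` is anchored only at the start, so any path under `https://jupyter.ens.uvsq.fr/` is accepted as a redirect target, not just the hub's callback. The hub configuration on this page uses a single callback URL, so the pattern can be narrowed to it: `redirectUri: new RegExp('^https://jupyter\\.ens\\.uvsq\\.fr/hub/oauth_callback$'),` (extend it if the hub appends a query string). The same hostname also fronts other services, the bridge under `/c2o2b/` and presumably per-user notebook servers, and an authorization response should not be deliverable to those. With `secret: null` on this client, the redirect URI is the only thing binding a code to the hub, so it is worth making exact.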
6 changes: 4 additions & 2 deletions reverse-proxy/traefik.toml
@@ -1,4 +1,4 @@
debug = false
debug = true

logLevel = "ERROR"
defaultEntryPoints = ["https","http"]
@@ -17,6 +17,8 @@ defaultEntryPoints = ["https","http"]

[docker]
domain = "docker.local"
#watch = true
watch = true

[api]
[api.statistics]
recentErrors = 10
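Review bot: Committing `debug = true` leaves debug mode on for every deployment built from this repository, assuming that is the new value, as the print order and the one-for-one count in the first hunk suggest. In Traefik 1.x, debug mode also registers the Go `expvar` and `pprof` handlers under `/debug/`, and this file keeps an `[api]` section, so runtime internals become reachable wherever the API entry point is. Keep `debug = false` in the committed file and switch it on locally when troubleshooting. The entry-point definitions fall outside both hunks, so whether the API port is published cannot be judged from here.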
