Hello, I am trying to setup CAS with TLJH.
I am following : https://github.com/cwaldbieser/jhub_cas_authenticator
I enabled https using lets encrypt with these instructions : https://the-littlest-jupyterhub.readthedocs.io/en/latest/howto/admin/https.html
Below is what I am guessing would be the translation into TLJH “speak”.
CAS config
c.JupyterHub.authenticator_class = 'jhub_cas_authenticator.cas_auth.CASAuthenticator'
sudo tljh-config set auth.type jhub_cas_authenticator.cas_auth.CASAuthenticator
# The CAS URL to redirect unauthenticated users to
c.CASAuthenticator.cas_login_url = 'https://cas.example.net/cas/login'
sudo tljh-config set auth.CASAuthenticator.cas_login_url 'https://<my_tljh_url>/cas/login'
# The service URL the CAS server will redirect the browser back to on successful authentication.
# If not set, this is set to the same URL the request comes in on. This will work fine for
# simple deployments, but deployments behind a proxy or load balancer will likely need to
# be adjusted so the CAS service redirects back to the *real* login URL for your Jupyterhub.
c.CASAuthenticator.cas_service_url = 'https://your-jupyterhub.tld/login'
sudo tljh-config set auth.CASAuthenticator.cas_service_url 'https://<my_tljh_url>/login'
# Path to CA certificates the CAS client will trust when validating a service ticket.
c.CASAuthenticator.cas_client_ca_certs = '/path/to/ca_certs.pem'
sudo tljh-config set auth.CASAuthenticator.cas_client_ca_certs '/path/to/ca_certs.pem' ## what&where is this????
# The CAS endpoint for validating service tickets.
c.CASAuthenticator.cas_service_validate_url = 'https://cas.example.net/cas/p3/serviceValidate'
sudo tljh-config set auth.CASAuthenticator.cas_service_validate_url 'https://<my_tljh_url>/cas/p3/serviceValidate'
# A set of attribute name and value tuples a user must have to be allowed access.
c.CASAuthenticator.cas_required_attribs = {('memberOf', 'jupyterhub_users')}
sudo tljh-config set auth.CASAuthenticator.cas_required_attribs {('memberOf', 'jupyterhub_users')}
How do I figure out what the location and name is of the “ca_certs.pem” file? Does my “translation” look to be correct?
Note: I executed sudo pip install jhub_cas_authenticator
(most of it was already installed and current)
I basically tried the CAS setup with these settings
tljh-config show
https:
enabled: true
letsencrypt:
email: shootme@tryinghard.edu
environment:
VALIDATION: duckdns
SUBDOMAIN: wildcard
DUCKDNSTOKEN: TOKEN#
TZ: US/Arizona
PUID: 1000
PGID: 1000
domains:
- sgsup-tljh.duckdns.org
auth:
CASAuthenticator:
cas_login_url: https://mydomain/cas/login
cas_service_url: https://mydomain/login
cas_client_ca_certs: /opt/tljh/user/ssl/cacert.pem
cas_service_validate_url: https://mydomain/cas/p3/serviceValidate
type: jhub_cas_authenticator.cas_auth.CASAuthenticator
I could not “set” this parameter
sudo tljh-config set auth.CASAuthenticator.cas_required_attribs {('memberOf', 'jupyterhub_users')}
tljh does not like arrays with it’s name value pairs?
when I executed sudo tljh-config reload
I got a 404 error. I am guessing the proxy got hosed. Any thoughts