CAS Authentication

Hello, I am trying to set up CAS with TLJH.
I am following: https://github.com/cwaldbieser/jhub_cas_authenticator

I enabled HTTPS using Let's Encrypt with these instructions: https://the-littlest-jupyterhub.readthedocs.io/en/latest/howto/admin/https.html

Below is what I am guessing would be the translation into TLJH “speak”.

CAS config
c.JupyterHub.authenticator_class = 'jhub_cas_authenticator.cas_auth.CASAuthenticator'

sudo tljh-config set auth.type jhub_cas_authenticator.cas_auth.CASAuthenticator

# The CAS URL to redirect unauthenticated users to
c.CASAuthenticator.cas_login_url = 'https://cas.example.net/cas/login'

sudo tljh-config set auth.CASAuthenticator.cas_login_url 'https://<my_tljh_url>/cas/login'

# The service URL the CAS server will redirect the browser back to on successful authentication.
# If not set, this is set to the same URL the request comes in on.  This will work fine for
# simple deployments, but deployments behind a proxy or load balancer will likely need to
# be adjusted so the CAS service redirects back to the *real* login URL for your Jupyterhub.
c.CASAuthenticator.cas_service_url = 'https://your-jupyterhub.tld/login'

sudo tljh-config set auth.CASAuthenticator.cas_service_url 'https://<my_tljh_url>/login'

# Path to CA certificates the CAS client will trust when validating a service ticket.
c.CASAuthenticator.cas_client_ca_certs = '/path/to/ca_certs.pem'

sudo tljh-config set auth.CASAuthenticator.cas_client_ca_certs '/path/to/ca_certs.pem' ## what&where is this????

# The CAS endpoint for validating service tickets.
c.CASAuthenticator.cas_service_validate_url = 'https://cas.example.net/cas/p3/serviceValidate'

sudo tljh-config set auth.CASAuthenticator.cas_service_validate_url 'https://<my_tljh_url>/cas/p3/serviceValidate'

# A set of attribute name and value tuples a user must have to be allowed access.
c.CASAuthenticator.cas_required_attribs = {('memberOf', 'jupyterhub_users')}

sudo tljh-config set auth.CASAuthenticator.cas_required_attribs {('memberOf', 'jupyterhub_users')}

How do I figure out the location and name of the “ca_certs.pem” file? Does my “translation” look correct?

Note: I executed sudo pip install jhub_cas_authenticator (most of it was already installed and current)

I basically tried the CAS setup with these settings:
tljh-config show

https:
  enabled: true
  letsencrypt:
    email: shootme@tryinghard.edu
    environment:
      VALIDATION: duckdns
      SUBDOMAIN: wildcard
      DUCKDNSTOKEN: TOKEN#
      TZ: US/Arizona
      PUID: 1000
      PGID: 1000
    domains:
    - sgsup-tljh.duckdns.org
auth:
  CASAuthenticator:
    cas_login_url: https://mydomain/cas/login
    cas_service_url: https://mydomain/login
    cas_client_ca_certs: /opt/tljh/user/ssl/cacert.pem
    cas_service_validate_url: https://mydomain/cas/p3/serviceValidate
  type: jhub_cas_authenticator.cas_auth.CASAuthenticator

I could not “set” this parameter:
sudo tljh-config set auth.CASAuthenticator.cas_required_attribs {('memberOf', 'jupyterhub_users')}
tljh does not like arrays with its name-value pairs?
When I executed sudo tljh-config reload, I got a 404 error. I am guessing the proxy got hosed. Any thoughts?
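
To show what the cas_service_validate_url and cas_required_attribs settings quoted above work on, here is an added example (not part of the original post and not jhub_cas_authenticator's own code) that parses a CAS 3.0 serviceValidate response and applies a required-attribute check. The sample XML is constructed, the function names are hypothetical, and the rule that every required (name, value) pair must be present is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS protocol XML namespace

# Constructed sample responses (not captured from a real CAS server).
SUCCESS_XML = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
    <cas:attributes>
      <cas:memberOf>jupyterhub_users</cas:memberOf>
      <cas:memberOf>staff</cas:memberOf>
      <cas:mail>jdoe@example.net</cas:mail>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

FAILURE_XML = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


def parse_validation(xml_text):
    """Return (user, {(name, value), ...}); user is None unless CAS reported success."""
    if "<!DOCTYPE" in xml_text.upper():  # refuse DTDs and entity definitions outright
        return None, set()
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None, set()
    success = root.find("cas:authenticationSuccess", NS)
    if success is None:  # authenticationFailure or an unexpected document
        return None, set()
    user = (success.findtext("cas:user", default="", namespaces=NS) or "").strip()
    attribs = set()
    for el in success.findall("cas:attributes/*", NS):
        name = el.tag.split("}", 1)[-1]  # drop the "{namespace}" prefix
        attribs.add((name, (el.text or "").strip()))  # multi-valued names give several pairs
    return (user or None), attribs


def is_allowed(xml_text, required_attribs):
    """Assumed semantics: every required (name, value) pair must be present."""
    user, attribs = parse_validation(xml_text)
    return user is not None and set(required_attribs).issubset(attribs)
```

The required value is a Python set of tuples, which is why the commented config line writes it as `{('memberOf', 'jupyterhub_users')}`.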