Hi,
we’re using JupyterHub to spawn JupyterLab containers via the dockerspawner.SystemUserSpawner
class. For authentication we are using a custom class extension of the PAMAuthenticator
class which does some additional creation of kerberos tickets if the user is authenticated with the system.
The Kerberos tickets expire after 10 hours and we need to force the users to login with JH in order to create a new kerberos ticket.
We have tried with various approaches to force a redirect to JH from the JupyterLab servers.
e.g. in the jupyterhub_config.py
:
JupyterHub.cookie_max_age_days = 0.4125
as suggested by https://github.com/jupyterhub/jupyterhub/issues/673
and
c.JupyterHub.tornado_settings.cookie_options = dict(expires_days=0.41.25, max_age_days=0.4125)
as suggested by https://github.com/jupyterhub/jupyterhub/issues/2277
Both of which seems to generate a log entry in jupyterhub in the lines of:
[...] JupyterHub base:350] Invalid or expired cookie token
but which doesn’t force the user to log out.
If the user clicks on the “Hub Control Panel” entry in the file menu, they are redirected to a login page on the JH side, but if they use a deep link to their JupyterLab instance (e.g. https://{server_name}/user/{username}/lab?
), they are not prompted for their credentials.
How do I force a redirection to the jupyterhub login page?
Update: this seems tangentially related to Culling JupyterLab and OAuth cookies causing errors when user returns days later to use system