Jupyterhub authorisation with Azure Authentication is failing

Hello, we are deploying Jupyterhub on gke cluster on GCP. We are using azure authentication for user login. But when user clicks on “Sign in with Azure AD” tab we are getting
500:Internal Server Error

Error what we are seeing in logs -

[E 2023-02-17 06:05:57.802 JupyterHub oauth2:386] Error fetching 599 POST https://login.microsoftonline.com/<id>/oauth2/v2.0/token: HTTP 599: gnutls_handshake() failed: Error in the pull function.

[E 2023-02-17 06:05:57.802 JupyterHub web:1798] Uncaught exception GET /hub/oauth_callback?code=0.AUcAKc-O8aZol0aS-....

Traceback (most recent call last):
      File "/usr/local/lib/python3.10/dist-packages/tornado/web.py", line 1713, in _execute
        result = await result
      File "/usr/local/lib/python3.10/dist-packages/oauthenticator/oauth2.py", line 222, in get
        user = await self.login_user()
      File "/usr/local/lib/python3.10/dist-packages/jupyterhub/handlers/base.py", line 801, in login_user
        authenticated = await self.authenticate(data)
      File "/usr/local/lib/python3.10/dist-packages/jupyterhub/auth.py", line 491, in get_authenticated_user
        authenticated = await maybe_future(self.authenticate(handler, data))
      File "/usr/local/lib/python3.10/dist-packages/oauthenticator/azuread.py", line 69, in authenticate
        resp_json = await self.fetch(req)
      File "/usr/local/lib/python3.10/dist-packages/oauthenticator/oauth2.py", line 387, in fetch
        raise e
      File "/usr/local/lib/python3.10/dist-packages/oauthenticator/oauth2.py", line 366, in fetch
        resp = await self.http_client.fetch(req, **kwargs)
    tornado.curl_httpclient.CurlError: HTTP 599: gnutls_handshake() failed: Error in the pull function.

Our config file is :-

c.JupyterHub.authenticator_class = AzureAdOAuthenticator
c.AzureAdOAuthenticator.scope = ['openid']
c.AzureAdOAuthenticator.oauth_callback_url = 'https://jupyterhubmain.*.com/hub/oauth_callback'

c.AzureAdOAuthenticator.tenant_id = '<tenant_id>'
c.AzureAdOAuthenticator.client_id = '<client_id>'
c.AzureAdOAuthenticator.client_secret = '<client_secret>'

Any pointers to resolve the issue will be highly appreciated.

What versions of everything are you using?

I found this on stackoverflow

which suggests it could be a problem with a missing/outdated operating system dependency, or a proxy/firewall getting in the way.

Thanks @manics for you update. Jupyterhub versions for my deployment is :-
Selected Jupyter core packages…

IPython : 8.9.0 
ipykernel : 6.21.1 
ipywidgets : not installed 
jupyter_client : 8.0.2 
jupyter_core : 5.2.0 
jupyter_server : 2.2.1 
jupyterlab : 3.6.1 
nbclient : 0.7.2 
nbconvert : 7.2.9 
nbformat : 5.7.3 
notebook : 6.5.2 
qtconsole : not installed 
traitlets : 5.9.0

And my environment variables in jupyterhub containers are :


I tried using GitHub authenticator but it is giving same error as for Azure. Just wondering if we have list of dependencies and their versions which I can cross check with my deployment.

Issue is resolved after setting https proxy. Main task was to identify the correct proxy.