|###
Bug description
Hello, I’ve asked this question in Jupyterhub community but didnt get any solution. The problem is with integration jupyterhub with keycloak. So we are in openshift and installing jupyterhub using bitnami helm chart. Here’s our configuration:
hub:
adminUser: admin
configuration: |
Chart:
Name: {{ .Chart.Name }}
Version: {{ .Chart.Version }}
Release:
Name: {{ .Release.Name }}
Namespace: {{ .Release.Namespace }}
Service: {{ .Release.Service }}
hub:
config:
JupyterHub:
admin_access: true
authenticator_class: generic-oauth
GenericOAuthenticator:
client_id: jupyter
client_secret: <our_secret>
oauth_callback_url: jupyterhub_site/hub/oauth_callback
authorize_url: keycloak-site/realms/jupyterhub/protocol/openid-connect/auth
token_url: keycloak-site/realms/jupyterhub/protocol/openid-connect/token
userdata_url: keycloak-site.com/realms/jupyterhub/protocol/openid-connect/userinfo
username_claim: nijat
tls_verify: false
enable_auth_state: true
login_service: ‘Keycloak’
redirectToServer: true
Besides that I’ve create a new client in keycloak, with client id and client_secret. My URLs in Keycloak:
Root URL - jupyterhub_site
Home URL - jupyterhub_site
Valid redirect URIs - jupyterhub_site/* and jupyterhub_site/hub/oauth_callback
And what’s now. I am going through the route I created in openshift, see the button - Sign in using keycloak. After I enter it it redirects me to keycloak page with the name of jupyterhub realm and asks for login and pass. I write it and get 500 Internal Error. Here’s the log of my pod - hub:
http://keycloak-site.com/realms/jupyterhub/protocol/openid-connect/token: HTTP 599: error setting certificate verify locations:
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
How can I solve this problem, please help|