I am using Jupyterhub Remote user local authenticator. I have configured Azure AD authentication in AWS ELB after successful authentication I am getting three headers as returned by AWS (x-amzn-oidc-accesstoken, x-amzn-oidc-data, x-amazn-oidc-identity). But none of them have desired value directly in headers as we have users created in Jupyterhub using (e.g emp code). I wrote custom authenticator extending RemoteUserLocalAuthenticator which uses access token and make calls to Graph microsoft API to fetch Emp code. But its not working as expected. Any suggestions would be highly appreciated ?
below is my jupyter config.py file:
from jhub_remote_user_authenticator.remote_user_auth import RemoteUserLocalAuthenticator
import syslog
import sys
import os, pwd
import logging
import requests,json
class CustomAuthenticator(RemoteUserLocalAuthenticator):
async def authenticate(self, handler, data=None):
# Extract the custom authentication header
identity_header = handler.request.headers.get(‘x-amzn-oidc-accesstoken’)
# Process the identity header to obtain the username
if identity_header:
# Extract the username from the identity header
response=requests.get('https://graph.microsoft.com/v1.0/me?$select=Department,onPremisesSamAccountName,displayName,givenName,surname,mail', headers={'Authorization': identity_header})
if response.status_code==200:
response=response.json()
GID=response.get("onPremisesSamAccountName")
#redirect_url = '/user/'+GID+'/lab' # Replace with your desired URL
# handler.redirect(redirect_url)
return {'name':GID}
# If the header is missing or doesn't contain the necessary information, return None
return None
c.JupyterHub.authenticator_class = CustomAuthenticator
c.JupyterHub.hub_ip = ‘0.0.0.0’
c.JupyterHub.admin_access = True
c.JupyterHub.ssl_key = ‘/etc/jupyter/server.key’
c.JupyterHub.ssl_cert = ‘/etc/jupyter/server.crt’
c.JupyterHub.port = 443
c.LocalAuthenticator.create_system_users = True
#c.RemoteUserLocalAuthenticator.header_name = ‘x-amzn-oidc-identity’
#c.JupyterHub.authenticator_class = ‘jhub_remote_user_authenticator.remote_user_auth.RemoteUserLocalAuthenticator’
c.Spawner.default_url = ‘/lab’
c.Spawner.mem_limit = None
c.Spawner.http_timeout = 60
c.Spawner.start_timeout = 60
c.Spawner.debug = True
c.JupyterHub.file_path_template = “{path}”