I’m trying to set up SSO using SAML authenticator using Okta. We have been following the below documentation to make necessary changes in jupyterhub_config.py file .
While doing the configuration we are asked provide following information from our Okta team. We have the #1 below but we could not find “SP entity Id/Audience Restriction URI”
- SSO URL/Assertion Consumer Service URL
- SP entity Id/Audience Restriction URI
How & where to get this information please advise.
The SP entity Id/Audience Restriction URI is a unique identifier for your JupyterHub instance. It is used by Okta to verify that the SAML assertion is being sent to the correct destination.
To find the SP entity Id/Audience Restriction URI for your JupyterHub instance, you can follow these steps:
- Go to the Applications page in the Okta administration console.
- Click the name of your JupyterHub application.
- Under the Sign On tab, click the View Details button next to the SAML 2.0 option.
- The SP entity Id/Audience Restriction URI is listed in the Audience field.
Once you have the SP entity Id/Audience Restriction URI, you can add it to your jupyterhub_config.py file. To do this, add the following lines to the file:
`Pythonc.JupyterHub.authenticator_class = 'jupyterhub_samlauthenticator.SAMLAuthenticator'
c.SAMLAuthenticator.idp_entity_id = 'YOUR_OKTA_IDP_ENTITY_ID'
c.SAMLAuthenticator.idp_sso_url = 'YOUR_OKTA_IDP_SSO_URL'
c.SAMLAuthenticator.sp_entity_id = 'YOUR_JUPYTERHUB_SP_ENTITY_ID'`
YOUR_OKTA_IDP_ENTITY_ID with the entity ID for your Okta IdP and
YOUR_JUPYTERHUB_SP_ENTITY_ID with the SP entity Id/Audience Restriction URI for your JupyterHub instance.
Once you have added these lines to your jupyterhub_config.py file, you can restart JupyterHub and users will be able to log in using SAML authentication.