Okta integration in JupyterHub running on Kubernetes Cluster

Subhasis Ray
Mar 16, 2020

We had a requirement to integrate Okta with JupyterHub running on a Kubernetes cluster. We initially tried SAML, but later realized that JupyterHub does not support SAML by default. We then tried OAuth2 with Okta.

Thanks to https://discourse.jupyter.org/u/consideRatio for the blog https://discourse.jupyter.org/t/need-help-setting-up-okta-oauth/605

We changed that configuration slightly to integrate with Okta, because we were initially getting the error “invalid request” with the description “Redirect URI must be an absolute URI”.

We fixed this issue with the change below and were able to connect to Okta. The following config.yml works with Okta.

proxy:
  secretToken: "<token>"
hub:
  extraEnv:
    OAUTH2_AUTHORIZE_URL: https://oktaurl.okta.com/oauth2/ahslrzhhkoouty089h6/v1/authorize?
    OAUTH2_USERDATA_URL: https://oktaurl.okta.com/oauth2/ahslrzhhkoouty089h6/v1/userinfo
    OAUTH2_TOKEN_URL: https://oktaurl.okta.com/oauth2/ahslrzhhkoouty089h6/v1/token
    OAUTH_CALLBACK_URL: http://albdnsid.us-east-1.elb.amazonaws.com/hub/oauth_callback
auth:
  type: custom
  custom:
    className: oauthenticator.generic.GenericOAuthenticator
    config:
      client_id: <clientId>
      client_secret: <clientSecret>
      login_service: Okta
      username_key: preferred_username
      scopes:
        # See: https://developer.okta.com/docs/api/resources/oidc#userinfo
        # See: https://developer.okta.com/docs/api/resources/oidc#scope-dependent-claims-not-always-returned
        - openid
        - profile
        - email
        - offline_access
  admin:
    access: false
    users:
      - user1.tr@example.com
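
A pre-deployment check for the four URLs in hub.extraEnv, added here as an example and not part of the original post or of JupyterHub: it verifies that each URL is absolute (the condition named in the Okta error quoted above), flags plain http, and confirms the three Okta endpoints belong to one authorization server. The function name `lint_oauth_env` and the finding texts are hypothetical, and the path check assumes the `/hub/oauth_callback` callback path used in the config above.

```python
from urllib.parse import urlsplit

OKTA_KEYS = ("OAUTH2_AUTHORIZE_URL", "OAUTH2_USERDATA_URL", "OAUTH2_TOKEN_URL")
CALLBACK_KEY = "OAUTH_CALLBACK_URL"


def lint_oauth_env(env):
    """Return findings for the hub.extraEnv OAuth URLs; an empty list means clean."""
    findings = []
    auth_servers = set()
    for key in OKTA_KEYS + (CALLBACK_KEY,):
        value = env.get(key, "")
        url = urlsplit(value)
        # Absolute means scheme plus host; "/hub/oauth_callback" alone fails here.
        if url.scheme not in ("http", "https") or not url.netloc:
            findings.append(f"{key}: not an absolute URI: {value!r}")
            continue
        if url.scheme != "https":
            findings.append(f"{key}: plain http exposes codes and tokens in transit")
        if key == CALLBACK_KEY:
            if not url.path.endswith("/hub/oauth_callback"):
                findings.append(f"{key}: path should end with /hub/oauth_callback")
        else:
            # Host plus the path before /v1/ identifies one Okta authorization server.
            auth_servers.add((url.netloc, url.path.split("/v1/")[0]))
    if len(auth_servers) > 1:
        findings.append("Okta endpoints point at different authorization servers")
    return findings


# Values copied from the config.yml above.
BASE = "https://oktaurl.okta.com/oauth2/ahslrzhhkoouty089h6/v1"
PAGE_ENV = {
    "OAUTH2_AUTHORIZE_URL": BASE + "/authorize?",
    "OAUTH2_USERDATA_URL": BASE + "/userinfo",
    "OAUTH2_TOKEN_URL": BASE + "/token",
    "OAUTH_CALLBACK_URL": "http://albdnsid.us-east-1.elb.amazonaws.com/hub/oauth_callback",
}

if __name__ == "__main__":
    for finding in lint_oauth_env(PAGE_ENV):
        print(finding)
```

Run against the values above, it reports one finding: the callback URL is served over http, so the authorization code returned to `/hub/oauth_callback` is not protected by TLS.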

In another post I will cover the Kubernetes JupyterHub integration.

Cheers!!

Originally published at http://theleadcoder.wordpress.com on March 16, 2020.
