将JupyterHub与Keycloak Auth集成时出错

时间:2019-06-30 16:17:07

标签: java docker keycloak jupyterhub

我试图将Keycloak身份验证集成到Jupyterhub(作为docker运行)中,并且我已经配置了jupyterhub_config.py文件,以便提供所需的所有变量和url,并且在运行容器时,我被重定向到Keycloak登录页面,问题是我使用用户credencials登录后出现错误:

tornado.curl_httpclient.CurlError: HTTP 599: Failed to connect to localhost port 8080: Connection refused

下面我发布了我的配置和Dockerfile,其中隐藏了一些参数。错误日志。

jupyterhub_config.py

import sys

c.JupyterHub.spawner_class = 'dockerspawner.DockerSpawner'

## Generic
c.JupyterHub.admin_access = True
c.Spawner.default_url = '/lab'

## Authenticator
from oauthenticator.oauth2 import OAuthLoginHandler
from oauthenticator.generic import GenericOAuthenticator
from tornado.auth import OAuth2Mixin

class KeycloakMixin(OAuth2Mixin):
    _OAUTH_AUTHORIZE_URL = '{keycloakserver}/auth/realms/{realmname}/protocol/openid-connect/auth'
    _OAUTH_USERDATA_URL = '{keycloakserver}/auth/realms/{realmname}/protocol/openid-connect/userinfo'
    _OAUTH_TOKEN_URL = '{keycloakserver}/realms/{realmname}/protocol/openid-connect/token'
    _OAUTH_CALLBACK_URL = '{jupyterhubserver}/hub/oauth_callback'


class KeycloakLoginHandler(OAuthLoginHandler, KeycloakMixin):
    pass

class UVSQAuthenticator(GenericOAuthenticator):
    login_service = 'Keycloak'
    login_handler = KeycloakLoginHandler
    client_id = '{client_id}'
    client_secret = '{client_secret}'
    token_url = '{keycloakserver}/realms/{realmname}/protocol/openid-connect/token'
    userdata_url = '{keycloakserver}/realms/{realmname}/protocol/openid-connect/userinfo'
    userdata_method ='GET'
    userdata_params = {"state": "state"}
    username_key = "username"
c.JupyterHub.authenticator_class = UVSQAuthenticator

## Docker spawner

#c.DockerSpawner.image = 'jupyterlab_img'
#c.DockerSpawner.network_name = 'nginx_proxy'

from jupyter_client.localinterfaces import public_ips
c.JupyterHub.hub_ip = public_ips()[0]


c.JupyterHub.services = [
    {
        'name': 'cull-idle',
        'admin': True,
        'command': [sys.executable, 'cull_idle_servers.py', '--timeout=3600'],
    }
]



Dockerfile

# Do not forget to pin down the version
FROM jupyterhub/jupyterhub:latest


# Copy the JupyterHub configuration in the container

COPY jupyterhub_config.py .

# Download script to automatically stop idle single-user servers
RUN wget https://raw.githubusercontent.com/jupyterhub/jupyterhub/0.9.3/examples/cull-idle/cull_idle_servers.py

# Install dependencies (for advanced authentication and spawning)
RUN pip install \
    --upgrade jupyter \
    dockerspawner \
    oauthenticator

错误日志

 Traceback (most recent call last):
      File "/opt/conda/lib/python3.6/site-packages/tornado/web.py", line 1699, in _execute
        result = await result
      File "/opt/conda/lib/python3.6/site-packages/oauthenticator/oauth2.py", line 209, in get
        user = yield self.login_user()
      File "/opt/conda/lib/python3.6/site-packages/jupyterhub/handlers/base.py", line 655, in login_user
        authenticated = await self.authenticate(data)
      File "/opt/conda/lib/python3.6/site-packages/jupyterhub/auth.py", line 383, in get_authenticated_user
        authenticated = await maybe_future(self.authenticate(handler, data))
      File "/opt/conda/lib/python3.6/site-packages/oauthenticator/generic.py", line 114, in authenticate
        resp = yield http_client.fetch(req)
    tornado.curl_httpclient.CurlError: HTTP 599: Failed to connect to localhost port 8080: Connection refused

0 个答案:

没有答案