[CloudBank] Add Cal Maritime #3231
Conversation
|
Merging this PR will trigger the following deployment actions. Support and Staging deployments
Production deployments
|
|
🎉🎉🎉🎉 Monitor the deployment of the hubs here 👉 https://github.com/2i2c-org/infrastructure/actions/runs/6413124276 |
| JupyterHub: | ||
| authenticator_class: cilogon | ||
| CILogonOAuthenticator: | ||
| oauth_callback_url: "https://csum.cloudbank.2i2c.cloud/hub/oauth_callback" | ||
| allowed_idps: | ||
| https://cma-shibboleth.csum.edu/idp/shibboleth: | ||
| username_derivation: | ||
| username_claim: "email" | ||
| # allow_all is a partial authorization, username_pattern is enforced also | ||
| allow_all: true | ||
| http://google.com/accounts/o8/id: | ||
| username_derivation: | ||
| username_claim: "email" | ||
| # allow_all is a partial authorization, username_pattern is enforced also | ||
| allow_all: true | ||
| Authenticator: | ||
| admin_users: | ||
| - ericvd@berkeley.edu | ||
| - sean.smorris@berkeley.edu | ||
| - jteoh@csum.edu |
There was a problem hiding this comment.
This configuration didn't include username_pattern, and with allow_all to true for the Google IdP, all users google users are allowed access @sean-morris.
I'll propose a fix for this in a PR (EDIT: #3232)
There was a problem hiding this comment.
ahhhh.. OK Thank you! so it should be allowed_domains: 2i2c and berkeley
There was a problem hiding this comment.
Yes that is an improvement, but that is also not optimal as many berkeley users not intended to have access are then still allowed.
I've proposed what i think is a suitable solution in #3232 where we dont have allowed_domains or allow_all, instead its now enough with listing the usernames to allow access via admin_users.
If you find time time, please review that pull request!
No description provided.