From 9804cf456d33a3ac9a7360e2c46895a7102ae774 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz>
Date: Mon, 22 Apr 2024 18:23:53 +0000
Subject: [PATCH] =?UTF-8?q?Switch=20to=20G=C3=89ANT=20AAI=20in=20fullfub?=
 =?UTF-8?q?=20deployment?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 cesnet-central/deployments/fullhub.yaml | 22 ++++++++--------------
 1 file changed, 8 insertions(+), 14 deletions(-)

diff --git a/cesnet-central/deployments/fullhub.yaml b/cesnet-central/deployments/fullhub.yaml
index 9510732..73a29ad 100644
--- a/cesnet-central/deployments/fullhub.yaml
+++ b/cesnet-central/deployments/fullhub.yaml
@@ -104,27 +104,21 @@ hub:
       # - cesnet/playbooks/templates/binder.yaml
       # - documentation/content/en/users/dev-env/notebooks/_index.md
       allowed_groups:
-        - urn:mace:egi.eu:group:vo.access.egi.eu:role=member#aai.egi.eu
-        - urn:mace:egi.eu:group:vo.notebooks.egi.eu:role=member#aai.egi.eu
-        - urn:mace:egi.eu:www.egi.eu:fedcloud-users:member@egi.eu
-        - urn:mace:egi.eu:www.egi.eu:techsolutions:member@egi.eu
-          # changed 2022-10
-        - urn:mace:egi.eu:group:fedcloud-users#sso.egi.eu
-        - urn:mace:egi.eu:group:supplier-notebooks#sso.egi.eu
-        - urn:mace:egi.eu:group:techsolutions#sso.egi.eu
-        - urn:mace:egi.eu:group:notebooks-support#sso.egi.eu
+        - urn:geant:eosc-federation.eu:testing:group:eosc#testing.eosc-federation.eu
       auto_login: true
-      claim_groups_key: "eduperson_entitlement"
+      claim_groups_key: "entitlements"
     EGICheckinAuthenticator:
       checkin_host: "{{ secret['checkin_host'] }}"
-      authorize_url: "https://{{ secret['checkin_host'] }}/auth/realms/egi/protocol/openid-connect/auth"
-      token_url: "https://{{ secret['checkin_host'] }}/auth/realms/egi/protocol/openid-connect/token"
-      userdata_url: "https://{{ secret['checkin_host'] }}/auth/realms/egi/protocol/openid-connect/userinfo"
+      authorize_url: "https://{{ secret['checkin_host'] }}/OIDC/authorization"
+      token_url: "https://{{ secret['checkin_host'] }}/OIDC/token"
+      userdata_url: "https://{{ secret['checkin_host'] }}/OIDC/userinfo"
       client_id: "{{ secret['client_id'] }}"
       client_secret: "{{ secret['client_secret'] }}"
       oauth_callback_url: "https://fullhub.eosc.zcu.cz/hub/oauth_callback"
-      scope: ["openid", "profile", "email", "offline_access", "eduperson_scoped_affiliation", "eduperson_entitlement"]
+      scope: ["openid", "profile", "email", "offline_access", "entitlements"]
       username_key: "sub"
+      extra_authorize_params:
+        prompt: consent
     JupyterHub:
       admin_access: true
       authenticate_prometheus: false
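Review bot: The single new `allowed_groups` entry is now the only authorization gate for this hub, and both its namespace (`eosc-federation.eu:testing`) and its authority part (`#testing.eosc-federation.eu`) read like a test federation, so it deserves a comment next to it, especially as the same section keeps `admin_access: true`. Something like `# GÉANT AAI testing federation; replace with the production entitlement before wider use` would record the intent, if that is indeed what it is. `username_key: "sub"` is unchanged, so usernames now come from a different issuer than the accounts the hub already stores; it is worth confirming that old and new `sub` values cannot collide and documenting what happens to existing users' data. The two comment lines above `allowed_groups` appear to name other files that mirror this group list, and neither is touched by this patch. The `hub:` mapping starts before the hunk and continues after it, so the rest of the authenticator configuration is not visible here.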
-- 
GitLab