Jupyterhub is not tracking Keycloak’s sessions – Zero to JupyterHub on Kubernetes

Hello,
I have installed the Jupyterhub chart with this chart.yaml:

annotations:
  artifacthub.io/images: |
    - image: jupyterhub/configurable-http-proxy:4.5.3
      name: configurable-http-proxy
    - image: jupyterhub/k8s-hub:2.0.0
      name: k8s-hub
    - image: jupyterhub/k8s-image-awaiter:2.0.0
      name: k8s-image-awaiter
    - image: jupyterhub/k8s-network-tools:2.0.0
      name: k8s-network-tools
    - image: jupyterhub/k8s-secret-sync:2.0.0
      name: k8s-secret-sync
    - image: jupyterhub/k8s-singleuser-sample:2.0.0
      name: k8s-singleuser-sample
    - image: k8s.gcr.io/kube-scheduler:v1.23.10
      name: kube-scheduler
    - image: k8s.gcr.io/pause:3.8
      name: pause
    - image: k8s.gcr.io/pause:3.8
      name: pause
    - image: traefik:v2.8.4
      name: traefik
apiVersion: v2
appVersion: 3.0.0
description: Multi-user Jupyter installation
home: https://z2jh.jupyter.org
icon: https://jupyterhub.github.io/helm-chart/images/hublogo.svg
keywords:
- jupyter
- jupyterhub
- z2jh
kubeVersion: '>=1.20.0-0'
maintainers:
- email: erik@sundellopensource.se
  name: Erik Sundell
- name: Simon Li
  url: https://github.com/manics/
name: jupyterhub
sources:
- https://github.com/jupyterhub/zero-to-jupyterhub-k8s
version: 2.0.0

and this config:

  storage:
    extraVolumes:
      - name: jupyterhub-shared
        persistentVolumeClaim:
          claimName: csi-gcs-pvc
    extraVolumeMounts:
      - name: jupyterhub-shared
        mountPath: /home/shared
hub:
  config:
    GenericOAuthenticator:
      client_id: jupyterhub
      client_secret: client_secret
      oauth_callback_url: https://<jupyterhub domain>/hub/oauth_callback
      authorize_url: https://<keycloak domain>/auth/realms/<realm name>/protocol/openid-connect/auth
      token_url: https://<keycloak domain>/auth/realms/<realm name>/protocol/openid-connect/token
      userdata_url: https://<keycloak domain>/auth/realms/<realm name>/protocol/openid-connect/userinfo
      login_service: keycloak
      username_key: preferred_username
      userdata_params:
        state: state
    JupyterHub:
      authenticator_class: generic-oauth
proxy:
  service:
    type: ClusterIP

Login and Logout within the Jupyterhub’s front-end works perfectly. When I end the session in Keycloak, I am not auto logged out of Jupyterhub, so I can continue to do operations in the Jupyterhub.


OAuth uses tokens that are valid for a period of time- you wouldn’t want an application to contact your identity provider (Keycloak) for every web request.

You can try changing the expiry times, there’s an in-depth explanation in

Read more here: Source link