Currently, JupyterHub users must ssh tunnel into a specific stat box, navigate to localhost:8000, and then authenticate with JupyterHub via LDAP.
There is a JupyterHub CAS Authenticator: https://github.com/cwaldbieser/jhub_cas_authenticator
I'm testing out this functionality now, but it isn't clear what is needed to get this authentication working with CAS (or if we should).
We don't yet have a public domain for JupyterHub; we'd have to set one up. In addition, there are multiple JupyterHub servers, one on each stat box. Should we set up a separate domain for each one? Can we somehow route via a proxy URL from a single domain, e.g. jupyterhub.wikimedia.org/stat1008/hub/login?
Should we bother doing this at all?