Raven project: Difference between revisions
(Ist draft of copy of raven.cam.ac.uk/project) |
m (Remove "The Raven Project") |
||
(8 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
These pages provide resources for people interested in using the Raven Web Authentication service http://raven.cam.ac.uk/. They concentrate on resources representing the 'officially supported' aspects of the service. Other information that was previously here, and lots of new stuff, is in the Raven Wiki. | These pages provide resources for people interested in using the Raven Web Authentication service http://raven.cam.ac.uk/. They concentrate on resources representing the 'officially supported' aspects of the service. Other information that was previously here, and lots of new stuff, is in the Raven Wiki. | ||
The 'officially supported' service consists (roughly) of the central Raven authentication server (and associated user registration infrastructure and keys) supporting both Ucam WebAuth and Shibboleth (SAML) authentication, | The 'officially supported' service consists (roughly) of the central Raven authentication server (and associated user registration infrastructure and keys) supporting both Ucam WebAuth and Shibboleth (SAML) authentication, a Ucam WebAuth application agent ([[Apache_authentication_module|an Apache module]]), [[Background_and_reference#External_resources|the Raven mailing lists]], and support and development resources (including the 'Test and Demonstration' server). Don't let this put you off investigating the many other Raven-related resources listed in the Wiki. | ||
Application Agents | |||
==Application Agents== | |||
To use Raven authentication on a web server it needs some sort of 'Application Agent' to impliment the Raven functionality. This could be built-in to a web application (such as a PHP or CGI script or a Java program - for so-called "application managed" security), or it could be an 'Authentication handler' for the web server that you are using ("container managed" security). | To use Raven authentication on a web server it needs some sort of 'Application Agent' to impliment the Raven functionality. This could be built-in to a web application (such as a PHP or CGI script or a Java program - for so-called "application managed" security), or it could be an 'Authentication handler' for the web server that you are using ("container managed" security). | ||
Line 10: | Line 11: | ||
University Information Services maintains and supports: | University Information Services maintains and supports: | ||
an Ucam WebAuth authentication handler for Apache | [[Apache_authentication_module|an Ucam WebAuth authentication handler for Apache]] | ||
Various other Application agents developed by various people are listed on the Wiki's Application agents page. The Shibboleth (SAML) interface to Raven will work with suitably-configured SAML agents - the SP agent supplied by the Shibboleth Consortium is known to work with Raven. | Various other Application agents developed by various people are listed on the Wiki's [[Application agents]] page. The Shibboleth (SAML) interface to Raven will work with suitably-configured SAML agents - the SP agent supplied by the Shibboleth Consortium is known to work with Raven. | ||
An Ucam WebAuth authentication module for IIS 6 is also available, but it doesn't work with later versions of IIS and so should be considered obsolete. | An Ucam WebAuth authentication module for IIS 6 is also available, but it doesn't work with later versions of IIS and so should be considered obsolete. | ||
Keys | ==Keys== | ||
Ucam WebAuth Application Agents need access to the current Raven public keys in order to verify authentication responses. They are available in the [[Raven keys|keys]] directory. | |||
==Mailing Lists== | |||
Mailing Lists | |||
There are two mailing lists for people interested in Raven: | There are two mailing lists for people interested in Raven: | ||
cs-raven-announce which carries announcements about the Raven service and developments and is intended to be low-volume. Anyone using Raven on a web site that they administer should probably be subscribed to this list. | |||
cs-raven-discuss which is for discussing use and development of software that interacts with Raven, and of general issues arising from using it. | [https://lists.cam.ac.uk/mailman/listinfo/cs-raven-announce cs-raven-announce] which carries announcements about the Raven service and developments and is intended to be low-volume. Anyone using Raven on a web site that they administer should probably be subscribed to this list. | ||
[https://lists.cam.ac.uk/mailman/listinfo/cs-raven-discuss cs-raven-discuss] which is for discussing use and development of software that interacts with Raven, and of general issues arising from using it. | |||
Follow the links above, or send a message to cs-raven-announce-request@lists.cam.ac.uk or cs-raven-discuss-request@lists.cam.ac.uk with the word `help' in the subject or body for more information. | Follow the links above, or send a message to cs-raven-announce-request@lists.cam.ac.uk or cs-raven-discuss-request@lists.cam.ac.uk with the word `help' in the subject or body for more information. | ||
Support Services | |||
==Support Services== | |||
Anyone administering a Raven-using server or developing Raven-related software is welcome to contact UIS Raven administrators at raven-support@ucs.cam.ac.uk with queries or comments. However, consider sending Raven-related messages to the cs-raven-discuss mailing list instead. Sending messages to the list allows others to benefit from any discussion and may spark additional ideas. The Raven administrators are members of this list. | Anyone administering a Raven-using server or developing Raven-related software is welcome to contact UIS Raven administrators at raven-support@ucs.cam.ac.uk with queries or comments. However, consider sending Raven-related messages to the cs-raven-discuss mailing list instead. Sending messages to the list allows others to benefit from any discussion and may spark additional ideas. The Raven administrators are members of this list. | ||
Users with Raven-related problems should normally contact the administrators of the relevant Raven-protected service in the first instance. Failing that they should contact the UIS Service Desk. | Users with Raven-related problems should normally contact the administrators of the relevant Raven-protected service in the first instance. Failing that they should contact the UIS Service Desk. | ||
Raven operates an instance of the 'University of Cambridge Web Authentication System' (Ucam-webauth). An introduction to how it works is included in the main Raven service documentation. The protocol used for communication between web servers and the Raven Ucam WebAuth server is documented in The Cambridge Web Authentication System: WAA->WLS communication protocol | ==Development Resources== | ||
Raven operates an instance of the 'University of Cambridge Web Authentication System' (Ucam-webauth). An introduction to how it works is included in the [https://help.uis.cam.ac.uk/service/accounts-passwords/it-staff/raven main Raven service documentation]. The protocol used for communication between web servers and the Raven Ucam WebAuth server is documented in The Cambridge Web Authentication System: WAA->WLS communication protocol on [https://github.com/cambridgeuniversity/UcamWebauth-protocol github]. | |||
There is a Pseudo-code Application Agent available which provides an example of how an application agent could be coded. | There is a [[Pseudo-code Application Agent]] available which provides an example of how an application agent could be coded. | ||
The Raven server currently includes a [https://raven.cam.ac.uk/test.html test page] which simulates various requests to the authentication server and displays decoded versions of the resulting response. Note that this page exercises some features of the protocol (in particular multiple authentication types) that are not currently used. | |||
==Other software== | |||
Other software | |||
Some third-party Raven software is distributed from here for convinience but is described in the Wiki. This includes: | Some third-party Raven software is distributed from here for convinience but is described in the Wiki. This includes: | ||
Ucam-WebAuth-AA Perl module | [[Ucam-WebAuth-AA Perl module]] | ||
PHP library | [[PHP library]] | ||
Tomcat Valve | [[Tomcat Valve]] | ||
Ruby support | [[Ruby_Support|Ruby support]] | ||
Oracle SSO 'shim' | [[Oracle SSO|Oracle SSO 'shim']] | ||
PeopleSoft's PeopleTools adaptor | [[PeopleSoft's PeopleTools]] adaptor | ||
Drupal | [[Drupal]] | ||
Catalyst | [[Catalyst]] | ||
Usage statistics | ==Usage statistics== | ||
Various graphs showing analysed usage information are available: | Various graphs showing analysed usage information are available: | ||
a set of manually-produced graphs showing historical usage information for the Raven service. | a set of manually-produced [https://raven.cam.ac.uk/project/stats/ graphs showing historical usage information] for the Raven service. | ||
a set of near-realtime graphs showing | a set of near-realtime graphs showing [https://raven.cam.ac.uk/graphs/ request/response rates for the Raven/Webauth service]. | ||
a set of near-realtime graphs showing authentication rates for the Raven/Shibboleth service. | a set of near-realtime graphs showing [https://shib.raven.cam.ac.uk//graphs/ authentication rates for the Raven/Shibboleth service]. | ||
Summaries of the Summaries of the Raven/ | Summaries of the [https://raven.cam.ac.uk/stats/ Summaries of the Raven/Webauth] and [https://shib.raven.cam.ac.uk//stats/ Raven/Shibboleth] usage logs are also available. |
Latest revision as of 14:10, 11 October 2019
These pages provide resources for people interested in using the Raven Web Authentication service http://raven.cam.ac.uk/. They concentrate on resources representing the 'officially supported' aspects of the service. Other information that was previously here, and lots of new stuff, is in the Raven Wiki.
The 'officially supported' service consists (roughly) of the central Raven authentication server (and associated user registration infrastructure and keys) supporting both Ucam WebAuth and Shibboleth (SAML) authentication, a Ucam WebAuth application agent (an Apache module), the Raven mailing lists, and support and development resources (including the 'Test and Demonstration' server). Don't let this put you off investigating the many other Raven-related resources listed in the Wiki.
Application Agents
To use Raven authentication on a web server it needs some sort of 'Application Agent' to impliment the Raven functionality. This could be built-in to a web application (such as a PHP or CGI script or a Java program - for so-called "application managed" security), or it could be an 'Authentication handler' for the web server that you are using ("container managed" security).
University Information Services maintains and supports:
an Ucam WebAuth authentication handler for Apache
Various other Application agents developed by various people are listed on the Wiki's Application agents page. The Shibboleth (SAML) interface to Raven will work with suitably-configured SAML agents - the SP agent supplied by the Shibboleth Consortium is known to work with Raven.
An Ucam WebAuth authentication module for IIS 6 is also available, but it doesn't work with later versions of IIS and so should be considered obsolete.
Keys
Ucam WebAuth Application Agents need access to the current Raven public keys in order to verify authentication responses. They are available in the keys directory.
Mailing Lists
There are two mailing lists for people interested in Raven:
cs-raven-announce which carries announcements about the Raven service and developments and is intended to be low-volume. Anyone using Raven on a web site that they administer should probably be subscribed to this list.
cs-raven-discuss which is for discussing use and development of software that interacts with Raven, and of general issues arising from using it.
Follow the links above, or send a message to cs-raven-announce-request@lists.cam.ac.uk or cs-raven-discuss-request@lists.cam.ac.uk with the word `help' in the subject or body for more information.
Support Services
Anyone administering a Raven-using server or developing Raven-related software is welcome to contact UIS Raven administrators at raven-support@ucs.cam.ac.uk with queries or comments. However, consider sending Raven-related messages to the cs-raven-discuss mailing list instead. Sending messages to the list allows others to benefit from any discussion and may spark additional ideas. The Raven administrators are members of this list.
Users with Raven-related problems should normally contact the administrators of the relevant Raven-protected service in the first instance. Failing that they should contact the UIS Service Desk.
Development Resources
Raven operates an instance of the 'University of Cambridge Web Authentication System' (Ucam-webauth). An introduction to how it works is included in the main Raven service documentation. The protocol used for communication between web servers and the Raven Ucam WebAuth server is documented in The Cambridge Web Authentication System: WAA->WLS communication protocol on github.
There is a Pseudo-code Application Agent available which provides an example of how an application agent could be coded.
The Raven server currently includes a test page which simulates various requests to the authentication server and displays decoded versions of the resulting response. Note that this page exercises some features of the protocol (in particular multiple authentication types) that are not currently used.
Other software
Some third-party Raven software is distributed from here for convinience but is described in the Wiki. This includes:
Ucam-WebAuth-AA Perl module PHP library Tomcat Valve Ruby support Oracle SSO 'shim' PeopleSoft's PeopleTools adaptor Drupal Catalyst
Usage statistics
Various graphs showing analysed usage information are available:
a set of manually-produced graphs showing historical usage information for the Raven service. a set of near-realtime graphs showing request/response rates for the Raven/Webauth service. a set of near-realtime graphs showing authentication rates for the Raven/Shibboleth service.
Summaries of the Summaries of the Raven/Webauth and Raven/Shibboleth usage logs are also available.