Raven project
The Raven Project
These pages provide resources for people interested in using the Raven Web Authentication service http://raven.cam.ac.uk/. They concentrate on resources representing the 'officially supported' aspects of the service. Other information that was previously here, and lots of new stuff, is in the Raven Wiki.
The 'officially supported' service consists (roughly) of the central Raven authentication server (and associated user registration infrastructure and keys) supporting both Ucam WebAuth and Shibboleth (SAML) authentication, a Ucam WebAuth application agent (an Apache module), the Raven mailing lists, and support and development resources (including the 'Test and Demonstration' server). Don't let this put you off investigating the many other Raven-related resources listed in the Wiki.
Application Agents
To use Raven authentication on a web server it needs some sort of 'Application Agent' to impliment the Raven functionality. This could be built-in to a web application (such as a PHP or CGI script or a Java program - for so-called "application managed" security), or it could be an 'Authentication handler' for the web server that you are using ("container managed" security).
University Information Services maintains and supports:
an Ucam WebAuth authentication handler for Apache
Various other Application agents developed by various people are listed on the Wiki's Application agents page. The Shibboleth (SAML) interface to Raven will work with suitably-configured SAML agents - the SP agent supplied by the Shibboleth Consortium is known to work with Raven.
An Ucam WebAuth authentication module for IIS 6 is also available, but it doesn't work with later versions of IIS and so should be considered obsolete.
Keys
Ucam WebAuth Application Agents need access to the current Raven public keys in order to verify authentication responses. They are available in the keys directory.
Mailing Lists
There are two mailing lists for people interested in Raven:
cs-raven-announce which carries announcements about the Raven service and developments and is intended to be low-volume. Anyone using Raven on a web site that they administer should probably be subscribed to this list.
cs-raven-discuss which is for discussing use and development of software that interacts with Raven, and of general issues arising from using it.
Follow the links above, or send a message to cs-raven-announce-request@lists.cam.ac.uk or cs-raven-discuss-request@lists.cam.ac.uk with the word `help' in the subject or body for more information.
Support Services
Anyone administering a Raven-using server or developing Raven-related software is welcome to contact UIS Raven administrators at raven-support@ucs.cam.ac.uk with queries or comments. However, consider sending Raven-related messages to the cs-raven-discuss mailing list instead. Sending messages to the list allows others to benefit from any discussion and may spark additional ideas. The Raven administrators are members of this list.
Users with Raven-related problems should normally contact the administrators of the relevant Raven-protected service in the first instance. Failing that they should contact the UIS Service Desk.
Development Resources
Raven operates an instance of the 'University of Cambridge Web Authentication System' (Ucam-webauth). An introduction to how it works is included in the main Raven service documentation. The protocol used for communication between web servers and the Raven Ucam WebAuth server is documented in The Cambridge Web Authentication System: WAA->WLS communication protocol on github.
There is a Pseudo-code Application Agent available which provides an example of how an application agent could be coded.
The Raven server currently includes a test page which simulates various requests to the authentication server and displays decoded versions of the resulting response. Note that this page exercises some features of the protocol (in particular multiple authentication types) that are not currently used.
Other software
Some third-party Raven software is distributed from here for convinience but is described in the Wiki. This includes:
Ucam-WebAuth-AA Perl module PHP library Tomcat Valve Ruby support Oracle SSO 'shim' PeopleSoft's PeopleTools adaptor Drupal Catalyst
Usage statistics
Various graphs showing analysed usage information are available:
a set of manually-produced graphs showing historical usage information for the Raven service. a set of near-realtime graphs showing requet/response rates for the Raven/Webauth service. a set of near-realtime graphs showing authentication rates for the Raven/Shibboleth service.
Summaries of the Summaries of the Raven/Wbauth and Raven/Shibboleth usage logs are also available.