These pages provide resources for people interested in using the Raven Web Authentication service http://raven.cam.ac.uk/. They concentrate on resources representing the 'officially supported' aspects of the service. Other information that was previously here, and lots of new stuff, is in the Raven Wiki.
The 'officially supported' service consists (roughly) of the central Raven authentication server (and associated user registration infrastructure and keys) supporting both Ucam WebAuth and Shibboleth (SAML) authentication, two Ucam WebAuth application agents (an Apache module and a Java toolkit), the Raven mailing lists, and support and development resources (including the 'Test and Demonstration' server). Don't let this put you off investigating the many other Raven-related resources listed in the Wiki.
To use Raven authentication on a web server it needs some sort of 'Application Agent' to impliment the Raven functionality. This could be built-in to a web application (such as a PHP or CGI script or a Java program - for so-called "application managed" security), or it could be an 'Authentication handler' for the web server that you are using ("container managed" security).
The Computing Service maintains and supports:
Various other Application agents developed by various people are listed on the Wiki's Application agents page. The Shibboleth (SAML) interface to Raven will work with suitably-configured SAML agents - the SP agent supplied by the Shibboleth Conrortium is know to work with Raven.
An Ucam WebAuth authentication module for IIS 6 is also available, but it doesn't work with later versions of IIS and so should be considered obsolete.
Ucam WebAuth Application Agents need access to the current Raven public keys in order to verify authentication responses. They are available in the keys directory.
There are two mailing lists for people interested in Raven:
Follow the links above, or send a message to email@example.com or firstname.lastname@example.org with the word `help' in the subject or body for more information.
Anyone administering a Raven-using server or developing Raven-related software is welcome to contact the Computing Service Raven administrators at email@example.com with queries or comments. However, consider sending Raven-related messages to the cs-raven-discuss mailing list instead. Sending messages to the list allows others to benefit from any discussion and may spark additional ideas. The Raven administrators are members of this list.
Users with Raven-related problems should normally contact the administrators of the relevant Raven-protected service in the first instance. Failing that they should contact the Computing Service Help Desk.
Raven operates an instance of the 'University of Cambridge Web Authentication System' (Ucam-webauth). An introduction to how it works is included in the main Raven service documentation. The protocol used for communication between web servers and the Raven Ucam WebAuth server is documented in The Cambridge Web Authentication System: WAA->WLS communication protocol (currently version 4.1 -- copies of older versions are available: 4.0, 3.0, 2.0, 1.6, 1.4, 1.3, 1.1).
There is a Pseudo-code Application Agent available which provides an example of how an application agent could be coded.
As well as the production server, a second test and demonstration Raven Ucam WebAuth server, populated with 500 test accounts with fixed, well-known passwords is provided to assist in developing, testing or demonstrating Raven-enabled services.
The Raven server currently includes a test page which simulates various requests to the authentication server and displays decoded versions of the resulting response. Note that this page exercises some features of the protocol (in particular multiple authentication types) that are not currently used.
Some third-party Raven software is distributed from here for convinience but is described in the Wiki. This includes:
Various graphs showing analysed usage information are available:
Summaries of the Summaries of the Raven/Wbauth and Raven/Shibboleth usage logs are also available.
A translation of this page to Serbo-Croatian has been contributed by Anja Skrba.