The Raven Project - Test and Demonstration Server


It can be difficult to develop or demonstrate Raven-enabled applications using the single ID to which members of the University have access, and is even more difficult for external developers. To work around this, Information Services provides a second Raven authentication server pre-populated with users test0001 to test0500 which all have the password 'test'. User-ids test0001 to test0400 are marked as belonging to 'current staff and students', leaving user-ids test0401 to test0500 not so marked. Obviously this service provides no useful authentication but may be useful for developing, testing or demonstrating services.

The service runs at demo.raven.cam.ac.uk, so the base URL of this WLS (the thing you'd configure with AAAuthService if using the mod_ucam_webauth Apache module) is

https://demo.raven.cam.ac.uk/auth/authenticate.html

and the corresponding logout URL is

https://demo.raven.cam.ac.uk/auth/logout.html

This service uses its own RSA key to sign authentication responses - the relevant public keys can be downloaded from

https://raven.cam.ac.uk/project/keys/demo_server/

It is vital to keep these demo keys seperate from keys used with a production service - failure to do so could allow an attacker to successfully replay a response from the demonstration server, which anyone can easily obtain, against a production service.

Unlike the production Raven service, the demonstration service is not limited to providing services to hosts within .cam.ac.uk and can be used by AAs running on any machine whatever.

The demonstration service is pre-populated with users test0001 to test0500 which all have the password 'test'. These passwords are fixed. User-ids test0001 to test0400 are marked as belonging to 'current staff and students', leaving user-ids test0401 to test0500 not so marked. Note that for these IDs the 5th character is always zero. The password for these accounts is 'well known' and is displayed on the login page.


raven-support@ucs.cam.ac.uk