Raven Webauth to SAML2 Shim

[Team | Wilson Team] [Tech Lead | rjg21] [Service Owner | vkhs1] [Service Manager | TBC] [Product Manager | TBC]

This page gives an overview of the legacy Raven webauth to SAML2 shim, describing its current status, where and how it's developed and deployed, and who is responsible for maintaining it.

Service Description

This service provides a shim that allows authentication requests made with the legacy Raven webauth protocol to be authenticated using SAML2 instead. Sites that do not yet implement the SAML2 protocol can continue to use the existing webauth protocol, but the authentication request is passed to the Raven Shibboleth instance, which performs the actual authentication.

Sites requiring raven-4-life (R4L) support must be registered with the Shibboleth metadata app in order to keep that functionality.

Service Status

The Webauth to SAML2 Shim is currently under active development.

Contact

Technical queries and support should be directed to servicedesk@uis.cam.ac.uk and will be picked up by a member of the team working on the service. To ensure that you receive a response, always direct requests to servicedesk@uis.cam.ac.uk rather than reaching out to team members directly.

Issues discovered in the service or new feature requests should be opened as GitLab issues here.

Environments

The Webauth to SAML2 Shim is currently deployed to the following environments:

| Name | Main Application URL | GCP Deployment |
| --- | --- | --- |
| Production | https://webauth-shim.prod.raven-legacy.gcp.uis.cam.ac.uk/ | Production Deployment |
| Staging | https://webauth-shim.test.raven-legacy.gcp.uis.cam.ac.uk/ | Staging Deployment |
| Development | https://webauth-shim.devel.raven-legacy.gcp.uis.cam.ac.uk/ | Development Deployment |

All environments share access to a set of secrets stored in the meta-project Secret Manager.

Notification channel(s) for environments

| Environment | Display name | Email |
| --- | --- | --- |
| Production | Raven Legacy - Wilson DevOps team email channel | devops-wilson@uis.cam.ac.uk |
| Staging | Raven Legacy - Wilson DevOps team email channel | devops-wilson@uis.cam.ac.uk |

Source code

The source code for the Webauth to SAML2 Shim is spread over the following repositories:

| Repository | Description |
| --- | --- |
| Application Server | The source code for the main application server |
| Infrastructure Deployment | The Terraform infrastructure code for deploying the application server to GCP |

Technologies used

The following gives an overview of the technologies the Webauth to SAML2 Shim is built on.

| Category | Language | Framework(s) |
| --- | --- | --- |
| Web Application | Python 3.10 | Django 3.2 |

Operational documentation

The following gives an overview of how the Webauth to SAML2 Shim is deployed and maintained.

How and where the Webauth to SAML2 Shim is deployed

The main web application is a lightweight Django application hosted on GCP Cloud Run. An associated PostgreSQL database, hosted on GCP Cloud SQL, is used only for storing cache items and contains no critical persistent data.

The shim is deployed as part of the legacy Raven infrastructure using Terraform (see "Source code" above).

Deploying a New Release

The README.md files in each of the source code repositories explain how to deploy the Webauth to SAML2 Shim.

Monitoring

The logs for the running shim instances can be found in the GCP console:

Debugging

For debugging the deployed app, see "Monitoring" above. For debugging locally, the application README.md describes how the containerised app can be run.

Other operational documentation

Service Management

The Team responsible for this service is Wilson Team.

The Tech Lead for this service is rjg21.

The Service Owner for this service is vkhs1.

The Service Manager for this service is TBC.

The Product Manager for this service is TBC.

The following engineers have operational experience with this service and are able to respond to support requests or incidents: