This page gives an overview of the Raven SAML2 service, describing its current status, where and how it's developed and deployed, and who is responsible for maintaining it.
The Raven service provides a self-service, web-based interactive sign-in service for the University. It has several parts. Raven SAML2 provides a standard SAML 2.0 interface for sites around the University.
There is a dedicated documentation site for Raven including its SAML2 interface.
The Raven SAML2 service is currently live. There are no plans to decommission the service as we need to run a SAML2 service to operate within the UK Access Management Federation.
Technical queries and support should be directed to email@example.com and will be picked up by a member of the team working on the service. To ensure that you receive a response, always direct requests to firstname.lastname@example.org rather than reaching out to team members directly.
Raven SAML2 is currently deployed to the following environments:
| Name | Main Application URL | GCP Project |
|---|---|---|
| Production | https://shib.raven.cam.ac.uk/ | Raven Core IdP - production |
| Staging | https://shib-test.raven.cam.ac.uk/ | Raven Core IdP - staging |
| Development | https://shibboleth.devel.raven-core.gcp.uis.cam.ac.uk/ | Raven Core IdP - development |
All environments access a meta project (Raven Core Idp meta) for shared secrets and monitoring.
Public-facing documentation for testing Raven SAML2 can be found on the UIS webpage.
Source code for Raven SAML2 is spread over the following repositories:
| Repository | Description |
|---|---|
| Shibboleth | External repository holding the Shibboleth source code itself |
| IdP Frontend Container [2] | Containerised Apache2 frontend which handles interactive authentication |
| Shib Idp Container [2] | Containerised Shibboleth |
| Dev Docker Compose [1] | Docker-compose configuration for local development |
| Raven Infrastructure [1] | Terraform configuration for infrastructure and deployment |
| IdP Resolver Test [2] | Testing of attribute release |
| Shib Usage Stats [2] | Log analysis and stats production |

[1] DevOps only
[2] GitLab users only
The following gives an overview of the technologies that Raven SAML2 is built on.
How and where the service is deployed
The GCP deployment follows our standard deployment practice for Google Cloud. The exact container versions are specified in the infrastructure deployment, so deployment follows a "gitops" model.
The non-production deployments can be used as an alternative to production Raven SAML2 by means of a change to /etc/hosts as documented in the testing
Our standard alerts have been configured:
- Service uptime check from various geographic regions
- SSL expiry checks
- Check for excessive k8s storage volume usage
- Check for excessive CPU, memory or disk pressure on nodes
- Check for excessive CPU, memory or storage use by pods
In addition, the GCP deployment has the following monitoring:
- Check that University and UK Federation metadata sources are correctly imported according to their refresh schedule.
A full environment may be run locally using the Dev Docker Compose project (DevOps only). This allows configuration changes to be debugged locally without affecting any deployed service.
Service Management and tech lead
The service owner for Raven SAML2 is Vijay Samtani.
The service manager for Raven SAML2 is Rich Wareham (provisional).
The tech lead for Raven SAML2 is Rich Wareham.
The following engineers have operational experience with Raven SAML2 and are able to respond to support requests or incidents: