Raven UCamWebAuth¶
This page gives an overview of the Raven UCamWebAuth service, describing its current status, where and how it's developed and deployed, and who is responsible for maintaining it.
Service Description¶
The Raven service provides a self-service, web-based interactive sign in service for the University. It has several parts. Raven UCamWebAuth provides the most commonly used interface for sites around the University.
Service Status¶
The Raven UCamWebAuth service is currently live. There are plans to decommission this protocol in favour of the modern industry standard protocols (SAML, OAuth2).
Contact¶
Technical queries and support should be directed to raven-support@uis.cam.ac.uk and will be picked up by a member of the team working on the service. To ensure that you receive a response, always direct requests to raven-support@uis.cam.ac.uk rather than reaching out to team members directly.
Issues discovered in the service or new feature requests should be opened as GitLab issues in the Raven UcamWebauth or Raven Legacy Infrastructure projects (both DevOps only).
Environments¶
Raven UCamWebAuth is currently deployed to the following environments:
All environments access a meta project (Raven Legacy meta) for shared secrets and monitoring.
Notification channel(s) for environments¶
| Environment | Display name | |
|---|---|---|
| Production | Raven Legacy - Wilson DevOps team email channel | devops-wilson@uis.cam.ac.uk |
| Staging | Raven Legacy - Wilson DevOps team email channel | devops-wilson@uis.cam.ac.uk |
Source code¶
Source code for Raven UCamWebAuth is spread over the following repositories:
| Repository | Description |
|---|---|
| Raven Legacy WebAuth Server1 | Containerised Apache2 frontend which handles interactive authentication |
| Raven Legacy Infrastructure1 | Terraform configuration for infrastructure and deployment |
1 DevOps only
Technologies used¶
The following gives an overview of the technologies that Raven UCamWebAuth is built on.
| Category | Language | Framework(s) |
|---|---|---|
| Server | Perl | Mason |
| GCP deployment | Terraform | |
| Admin API | Python | FastAPI |
Operational documentation¶
There is a dedicated operational documentation folder in the infrastructure Gitlab project (DevOps only).
Admin scripts¶
An admin-scripts container also provides restricted API access for management actions.
How and where the service is deployed¶
The Raven Legacy infrastructure is deployed using Terraform, with releases of the authenticator application deployed by the GitLab CD pipelines associated with the infrastructure Gitlab project (DevOps only).
Deploying a new release¶
The README.md files in each of the source code repositories explain how to
deploy the App.
Monitoring¶
The monitoring and alerting system is based on Cloud Monitoring. Alert policies and metrics can be viewed in the Raven Legacy meta project (DevOps only).
Our standard 'webapp' alerts have been configured:
- Service uptime check from various geographic regions
- SSL expiry checks
- Sign-in alerts if logins fail (or succeed when they should fail)
Debugging¶
See the Raven UcamWebauth project (DevOps only) for details on how to deploy a local development instance.
Service Management and tech lead¶
The service owner for Raven UCamWebAuth is Vijay Samtani.
The service manager for Raven UCamWebAuth is Abraham Martin.
The tech lead for Raven UCamWebAuth is Robin Goodall.
The following engineers have operational experience with Raven UCamWebAuth and are able to respond to support requests or incidents: