Raven OAuth2
This page gives an overview of the Raven OAuth2 service, describing its current status, where and how it's developed and deployed, and who is responsible for maintaining it.
Service Description
The Raven service provides a self-service, web-based interactive sign-in service for the University. It has several parts. Raven OAuth2 provides a standard OAuth 2.0 interface for sites around the University.
The OAuth 2.0 interface is provided by Google and conforms to the OpenID Connect specification. It also provides improved security through Google's 2-step verification.
Any application supporting sign in with Google can make use of Raven OAuth2.
The cam.ac.uk Google Workspace is configured to authenticate users via the Raven Core Authenticator (a SAML2 IdP).
There is a dedicated documentation site for Raven including its OAuth2 interface.
Service Status
The Raven OAuth2 service is currently live. There are no plans to decommission the service.
Contact
Technical queries and support should be directed to raven-support@uis.cam.ac.uk and will be picked up by a member of the team working on the service. To ensure that you receive a response, always direct requests to raven-support@uis.cam.ac.uk rather than reaching out to team members directly.
Issues discovered in the service or new feature requests should be opened as GitLab issues in the Raven Core Authenticator or Raven Infrastructure projects (both DevOps only).
Environments
Raven OAuth2 is currently deployed to the following environments:
All environments access a meta project (Raven Core Idp meta) for shared secrets and monitoring.
Notification channel(s) for environments
Environment | Display name | Email |
---|---|---|
Production | Raven core IdP - Wilson DevOps team email channel | devops-wilson@uis.cam.ac.uk |
Staging | Raven core IdP - Wilson DevOps team email channel | devops-wilson@uis.cam.ac.uk |
Source code
Source code for Raven OAuth2 is spread over the following repositories:
Repository | Description |
---|---|
Raven Core Authenticator¹ | Containerised Apache2 frontend which handles interactive authentication |
Raven Infrastructure¹ | Terraform configuration for infrastructure and deployment |
¹ DevOps only
Technologies used
The following gives an overview of the technologies that Raven OAuth2 is built on.
Category | Language | Framework(s) |
---|---|---|
Authenticator | Python 3.7 | Django 2.2, djangosaml2idp |
GCP deployment | Terraform | |
Operational documentation
There is a dedicated operational documentation folder in the infrastructure GitLab project (DevOps only).
How and where the service is deployed
The Raven Core infrastructure is deployed using Terraform, with releases of the authenticator application deployed by the GitLab CD pipelines associated with the infrastructure GitLab project (DevOps only).
Deploying a new release
The README.md files in each of the source code repositories explain how to deploy the Authenticator App.
Monitoring
The monitoring and alerting system is based on Cloud Monitoring. Alert policies and metrics can be viewed in the Raven Core IdP meta project (DevOps only).
Our standard 'webapp' alerts have been configured:
- Service uptime check from various geographic regions
- SSL expiry checks
Debugging
See the Raven Core Authenticator project (DevOps only) for details on how to deploy a local development instance.
Service Management and tech lead
The service owner for Raven OAuth2 is Vijay Samtani.
The service manager for Raven OAuth2 is Dr Я Charles.
The tech lead for Raven OAuth2 is Robin Goodall.
The following engineers have operational experience with Raven OAuth2 and are able to respond to support requests or incidents: