View on GitHub

Raven authentication

Overview

You can configure your site, or a subset of pages, to require user authentication with Raven, the university’s authentication system.

With .htaccess

The SRCF has the mod_ucam_webauth module installed, which makes it easy to do basic authentication using Raven. Full documentation is available, though here are a few common cases.

To protect a directory (whether public_html for your entire site, or a subdirectory of it), create or edit a .htaccess file in that directory, and add the following:

AuthType Ucam-WebAuth
Require valid-user

This will permit access to anyone with a ‘current’ Raven account, i.e. active students and staff. To permit access to any Raven account (including graduated students), add a Ptags directive:

AARequiredPtags none

Alternatively, you may want to limit access to Raven-authenticated users or visitors within the cam.ac.uk domain:

Order allow,deny
Allow from .cam.ac.uk
AuthType Ucam-WebAuth
Require valid-user
Satisfy any

To limit page access to group account admins only, add a unix-group Require directive:

Require unix-group <groupname>

You can also list specific users:

Require user <crsid> <crsid>...

To create a ‘logout’ link, add the following to your .htaccess file (which will create /logout relative to the directory containing the .htaccess file):

<FilesMatch "logout">
    SetHandler AALogout
</FilesMatch>

Example configuration:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=permanent]

AuthType Ucam-WebAuth
Require user CRSID

Replace CRSID with your CRSID.

The Rewrite section makes all connections to .../wp-admin/ use SSL which will protect your password, the AuthType section uses Raven to restrict access to the directory, you probably want to use your CRSID on the Require line.

Within an application

If you’re writing or maintaining a webapp that needs to authenticate users for certain pages, you’ll likely need a Raven or UCamWebAuth library. The Raven developer documentation may be useful for finding a suitable integration.


Last modified on Monday Feb 28, 2022 by Richard Allitt