Raven authentication
Overview
You can configure your site, or a subset of pages, to require user authentication with Raven, the university’s authentication system.
With .htaccess
The SRCF has the mod_ucam_webauth module installed, which makes it easy to do basic authentication using Raven. Full documentation is available, though here are a few common cases.
To protect a directory (whether public_html for your entire site, or a
subdirectory of it), create or edit a .htaccess file in that
directory, and add the following:
AuthType Ucam-WebAuth
Require valid-user
This will permit access to anyone with a ‘current’ Raven account, i.e. active students and staff. To permit access to any Raven account (including graduated students), add a Ptags directive:
AARequiredPtags none
Alternatively, you may want to limit access to Raven-authenticated users or visitors within the cam.ac.uk domain:
Order allow,deny
Allow from .cam.ac.uk
AuthType Ucam-WebAuth
Require valid-user
Satisfy any
To limit page access to group account admins only, add a unix-group
Require directive:
Require unix-group <groupname>
You can also list specific users:
Require user <crsid> <crsid>...
To create a ‘logout’ link, add the following to your .htaccess file
(which will create /logout relative to the directory containing the
.htaccess file):
<FilesMatch "logout">
SetHandler AALogout
</FilesMatch>
Example configuration:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=permanent]
AuthType Ucam-WebAuth
Require user CRSID
Replace CRSID with your CRSID.
The Rewrite section makes all connections to .../wp-admin/ use SSL
which will protect your password, the AuthType section uses Raven to
restrict access to the directory, you probably want to use your CRSID on
the Require line.
. is a hidden file on unix. If you are using
the gnome graphical desktop then pressing Ctrl-h in
nautilus (the default file browser) will show hidden files. (If you are
using something else you should be able to work out what to do.)
Within an application
If you’re writing or maintaining a webapp that needs to authenticate users for certain pages, you’ll likely need a Raven or UCamWebAuth library. The Raven developer documentation may be useful for finding a suitable integration.