.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "WebKDC 3pm" .TH WebKDC 3pm "2020-12-21" "perl v5.32.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" WebKDC \- Send requests to a WebAuth WebKDC .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 4 \& use WebKDC; \& use WebKDC::Exception; \& use WebKDC::WebRequest; \& use WebKDC::WebResponse; \& \& my ($status, $exception) \& = WebKDC::make_request_token_request ($req, $resp); \& my ($token, $subject); \& ($status, $exception, $token, $subject) \& = WebKDC::make_proxy_token_request ($krbreq, $tgt); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" This module provides functions to make a and a call to a WebAuth WebKDC. These functions encapsulate the \s-1XML\s0 protocol and \s-1HTTP\s0 requests. This module is primarily intended for use by the WebLogin server to process requests from WebAuth Application Servers. .SH "FUNCTIONS" .IX Header "FUNCTIONS" .IP "make_proxy_token_request (\s-1AUTH, TGT\s0)" 4 .IX Item "make_proxy_token_request (AUTH, TGT)" Makes a request to the WebKDC. The result, if successful, will be a webkdc-proxy token that can be passed into a subsequent call to make_request_token_request. .Sp \&\s-1AUTH\s0 is a Kerberos authenticator for the WebKDC's Kerberos principal, as generated by the WebAuth::Krb5 make_auth method. \s-1TGT\s0 is a Kerberos ticket-granting ticket, exported with the WebAuth::Krb5 export_cred method, and then encrypted in the same call to make_auth as the \s-1DATA\s0 argument. Both must already be base64\-encoded. .Sp The return value is a four-element list. The first value will be the status. On error, the second value is an exception object and the remaining values are undef. On success, the second value is undef, the third value is the webkdc-proxy token (base64\-encoded), and the fourth value is the subject (the identity) represented by the webkdc-proxy token. .IP "make_request_token_request (\s-1REQUEST, RESPONSE\s0)" 4 .IX Item "make_request_token_request (REQUEST, RESPONSE)" Used to handle an incoming request token. \s-1REQUEST\s0 is a populated WebKDC::WebRequest object, and \s-1RESPONSE\s0 should be a newly-created WebKDC::WebResponse object. The request will be handled off to the configured WebKDC (see WebKDC::Config) and the results stored in the response object. .Sp The return value is a list of the status and the exception object, if any. The status will be \s-1WK_SUCCESS\s0 on success and some other WK_ERR_* status code on failure. See WebKDC::WebKDCException for the other status codes. .IP "throw (\s-1ERROR_CODE, ERROR_MSG, PEC, DATA\s0)" 4 .IX Item "throw (ERROR_CODE, ERROR_MSG, PEC, DATA)" Throw a WebKDCException with the given error code and message. This can also take an optional protocol error code and data. .IP "request_token_request (\s-1REQUEST, RESPONSE\s0)" 4 .IX Item "request_token_request (REQUEST, RESPONSE)" Makes a requestTokenRequest call to the WebKDC, using data from the given WebKDC::WebRequest object. This will create the \s-1XML\s0 to communicate with the WebKDC, pass it along, then parse the response. .Sp There is no return value. Instead, data is parsed from the WebKDC's response and placed into the WebKDC::WebResponse object passed to the function. On an error, we throw an exception with a specific error code. .IP "proxy_token_request (\s-1REQUEST, TGT\s0)" 4 .IX Item "proxy_token_request (REQUEST, TGT)" Makes a webkdcProxyTokenRequest call to the WebKDC, using the given WebKDC::WebRequest and \s-1TGT\s0 passed. This will create the \s-1XML\s0 to communicate with the WebKDC, pass it along, then parse the response. .Sp The return value is a list of the returned proxy token and subject. On any failure, we throw an exception with a specific error code. .IP "get_keyring (\s-1WA\s0)" 4 .IX Item "get_keyring (WA)" Returns a keyring object from the configured WebLogin keyring path. .IP "get_child_value (\s-1ELEMENT, NAME, OPT\s0)" 4 .IX Item "get_child_value (ELEMENT, NAME, OPT)" Gets and returns the content of a child for the given element. \s-1NAME\s0 is the name of the child to search for. If there is no child of that name, throw an exception of type \s-1WK_ERR_UNRECOVERABLE_ERROR.\s0 If \s-1OPT\s0 is set and there was no child of the given name, instead just return undef. .SH "AUTHOR" .IX Header "AUTHOR" Roland Schemers and Russ Allbery . .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBWebAuth\fR\|(3), \fBWebAuth::Krb5\fR\|(3), \fBWebKDC::WebKDCException\fR\|(3), \&\fBWebKDC::WebRequest\fR\|(3), \fBWebKDC::WebRespsonse\fR\|(3) .PP This module is part of WebAuth. The current version is available from .