.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "WebAuth::Token::WebKDCProxy 3pm" .TH WebAuth::Token::WebKDCProxy 3pm "2019-01-05" "perl v5.28.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" WebAuth::Token::WebKDCProxy \- WebAuth webkdc\-proxy tokens .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 6 \& my $token = WebAuth::Token::WebKDCProxy\->new; \& $token\->subject (\*(Aquser\*(Aq); \& $token\->proxy_type (\*(Aqwebkdc\*(Aq); \& $token\->proxy_subject (\*(AqWEBKDC:remuser\*(Aq); \& $token\->expiration (time + 3600); \& print $token\->encode ($keyring), "\en"; .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" A WebAuth webkdc-proxy token, which stores user credentials or authentication information for later use by the WebKDC. This is the token that's stored as a single sign-on cookie in the user's browser, allowing the user to authenticate to subsequent web sites without reauthenticating. This token is also returned inside a proxy token to a \s-1WAS,\s0 which can then present it back to the WebKDC to obtain id or cred tokens. .SH "CLASS METHODS" .IX Header "CLASS METHODS" .IP "new ()" 4 .IX Item "new ()" Create a new, empty WebAuth::Token::WebKDCProxy. At least some attributes will have to be set using the accessor methods described below before the token can be used. .SH "INSTANCE METHODS" .IX Header "INSTANCE METHODS" As with WebAuth module functions, failures are signaled by throwing WebAuth::Exception rather than by return status. .SH "General Methods" .IX Header "General Methods" .IP "encode (\s-1KEYRING\s0)" 4 .IX Item "encode (KEYRING)" Generate the encoded and encrypted form of this token using the provided \&\s-1KEYRING.\s0 The encryption key used will be the one returned by the \&\fBbest_key()\fR method of WebAuth::Keyring on that \s-1KEYRING.\s0 .SH "Accessor Methods" .IX Header "Accessor Methods" .IP "subject ([\s-1SUBJECT\s0])" 4 .IX Item "subject ([SUBJECT])" Get or set the subject, which holds the authenticated identity of the user holding this token. .IP "proxy_type ([\s-1TYPE\s0])" 4 .IX Item "proxy_type ([TYPE])" Get or set the type of webkdc-proxy token this token represents, which generally represents the authentication mechanism. The values in common use are \f(CW\*(C`krb5\*(C'\fR, for a webkdc-proxy token that contains a Kerberos \s-1TGT,\s0 and \f(CW\*(C`remuser\*(C'\fR, for a webkdc-proxy token created via an assertion from an external authentication mechanism. .IP "proxy_subject ([\s-1SUBJECT\s0])" 4 .IX Item "proxy_subject ([SUBJECT])" Get or set the subject to which this webkdc-proxy token was granted. For tokens created internally by the WebKDC for its own use, this will start with \f(CW\*(C`WEBKDC:\*(C'\fR and then include an identifier for the WebKDC. For tokens provided to a WebAuth Application Server as part of a proxy token, this will contain the identity of the WebAuth Application Server. When the webkdc-proxy token is checked, this subject is verified and only the named entity is permitted to use the token. .IP "data ([\s-1DATA\s0])" 4 .IX Item "data ([DATA])" Get or set any data associated with the webkdc-proxy token. For a token with proxy_type \f(CW\*(C`krb5\*(C'\fR, this will be a Kerberos \s-1TGT\s0 encoded in the format created by the \fBexport_cred()\fR function of the WebAuth::Krb5 module. .IP "initial_factors ([\s-1FACTORS\s0])" 4 .IX Item "initial_factors ([FACTORS])" Get or set a comma-separated list of authentication factors used by the user during initial authentication (the single sign-on transaction). For a list of possible factors and their meaning, see the WebAuth protocol specification. .IP "loa ([\s-1LOA\s0])" 4 .IX Item "loa ([LOA])" Get or set the level of assurance established for this user authentication. This is a number whose values are site-defined but for which increasing numbers represent increasing assurance for the authentication. .IP "creation ([\s-1TIMESTAMP\s0])" 4 .IX Item "creation ([TIMESTAMP])" Get or set the creation timestamp for this token in seconds since epoch. If not set, the encoded token will have a creation time set to the time of encoding. .IP "expiration ([\s-1TIMESTAMP\s0])" 4 .IX Item "expiration ([TIMESTAMP])" Get or set the expiration timestamp for this token in seconds since epoch. .SH "AUTHOR" .IX Header "AUTHOR" Russ Allbery .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBWebAuth\fR\|(3), \fBWebAuth::Keyring\fR\|(3), \fBWebAuth::Krb5\fR\|(3), \fBWebAuth::Token\fR\|(3) .PP This module is part of WebAuth. The current version is available from .