.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "WebKDC::WebRequest 3pm" .TH WebKDC::WebRequest 3pm "2019-01-05" "perl v5.28.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" WebKDC::WebRequest \- Encapsulates a request to a WebAuth WebKDC .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& use WebKDC::WebRequest; \& \& my $req = WebKDC::WebRequest\->new; \& $req\->user ($user); \& $req\->pass ($password); \& $req\->request_token ($RT); \& $req\->service_token ($ST); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" A WebKDC::WebRequest object encapsulates a request to a WebAuth WebKDC, representing a login attempt for a particular WebAuth Application Server. It is used by the WebLogin server as the argument to make_request_token_request. The object has very little inherent functionality. It's mostly a carrier for data. .SH "CLASS METHODS" .IX Header "CLASS METHODS" .IP "new ()" 4 .IX Item "new ()" Create a new, empty WebKDC::WebRequest object. At least some parameters must be set using accessor functions as described below to do anything useful with the object. .SH "INSTANCE METHODS" .IX Header "INSTANCE METHODS" .IP "authz_subject ([\s-1USER\s0])" 4 .IX Item "authz_subject ([USER])" Retrieve or set the requested authorization identity. This is an identity that the user wishes to assert for authorization purposes to the remote site. It must be vetted by the WebKDC and will be included in the id or proxy token if asserting that authorization identity is permitted. .IP "device_id ([\s-1ID\s0])" 4 .IX Item "device_id ([ID])" Retrieve or set the \s-1ID\s0 of the device used for second factor authentication. This attribute is required if neither \fBotp()\fR nor \fBpass()\fR are set. It is used primarily to indicate a device with which the user is performing an out-of-band second factor authentication that doesn't involve a password or an \s-1OTP\s0 code. .IP "local_ip_addr ([\s-1ADDR\s0])" 4 .IX Item "local_ip_addr ([ADDR])" .PD 0 .IP "local_ip_port ([\s-1PORT\s0])" 4 .IX Item "local_ip_port ([PORT])" .IP "remote_ip_addr ([\s-1ADDR\s0])" 4 .IX Item "remote_ip_addr ([ADDR])" .IP "remote_ip_port ([\s-1PORT\s0])" 4 .IX Item "remote_ip_port ([PORT])" .PD Retrieve or set information about the network connection that is attempting authentication. If one of these values is set, all of them should be set. The remote_* parameters are the \s-1IP\s0 address of the remote client that is attempting to authenticate, and the local_* parameters are the local interface and port to which that client connected. .IP "otp ([\s-1CODE\s0])" 4 .IX Item "otp ([CODE])" Retrieve or set the one-time password sent by the user. This, \fBpass()\fR, or \fBdevice_id()\fR should be set, but \fBotp()\fR and \fBpass()\fR cannot both be set. .IP "otp_type ([\s-1CODE\s0])" 4 .IX Item "otp_type ([CODE])" Retrieve or set the one-time password type sent by the user. Despite the name, this can also be used with \fBdevice_id()\fR to specify the factor type used for out-of-band device authentication, even if it doesn't involve \&\s-1OTP.\s0 This should be a WebAuth factor code corresponding to the type of one-time password that this login token represents. It may be left unset if the caller doesn't know. .IP "login_state ([\s-1STATE\s0])" 4 .IX Item "login_state ([STATE])" Get or set the login state of the request. This field can contain any data the implementer chooses to place and will be passed, by the WebKDC, to the user information service as part of an \s-1OTP\s0 validation. It is usually used in conjunction with multifactor authentication to provide some additional data about the type of multifactor being used. It may be left unset if unneeded. .IP "pass ([\s-1PASSWORD\s0])" 4 .IX Item "pass ([PASSWORD])" Retrieve or set the password sent by the user. Either this or otp should be set, but not both. .IP "proxy_cookie (TYPE[, \s-1COOKIE, FACTOR\s0])" 4 .IX Item "proxy_cookie (TYPE[, COOKIE, FACTOR])" Retrieve or set a proxy cookie of a particular type. If \s-1COOKIE\s0 and \s-1FACTOR\s0 are given, sets a cookie of the given \s-1TYPE\s0 with value \s-1COOKIE\s0 and session factor \s-1FACTOR.\s0 Returns the cookie value of the given \s-1TYPE\s0 or undef if no such cookie is available. .IP "proxy_cookies ([\s-1COOKIES\s0])" 4 .IX Item "proxy_cookies ([COOKIES])" Retrieve or set a hash of all cookies. If the \s-1COOKIES\s0 parameter is provided, it must be a hash of cookie types to anonymous hashes, with each value hash having two keys: \f(CW\*(C`cookie\*(C'\fR, whose value is the cookie value, and \f(CW\*(C`session_factor\*(C'\fR, whose value is the session factors for that cookie. Returns a hash of cookie types to values without the factor information. .IP "proxy_cookies_rich ([\s-1COOKIES\s0])" 4 .IX Item "proxy_cookies_rich ([COOKIES])" Retrieve or set a hash of all cookies including session factors. If the \&\s-1COOKIES\s0 parameter is provided, it must be a hash of cookie types to anonymous hashes, with each value hash having two keys: \f(CW\*(C`cookie\*(C'\fR, whose value is the cookie value, and \f(CW\*(C`session_factor\*(C'\fR, whose value is the session factors for that cookie. Returns a hash in the same structure as the \s-1COOKIES\s0 argument. .IP "remote_user ([\s-1USER\s0])" 4 .IX Item "remote_user ([USER])" Retrieve or set the remote username, as determined by some external authentication system such as Apache authentication. This is not currently used. .IP "request_token ([\s-1TOKEN\s0])" 4 .IX Item "request_token ([TOKEN])" Retrieve or set the request token from the WebAuth application server that prompted this authentication request. This must be set to create a valid WebKDC::WebRequest. .IP "service_token ([\s-1TOKEN\s0])" 4 .IX Item "service_token ([TOKEN])" Retrieve or set the service token provided by the WebAuth application server, which contains the key used to decrypt the request token. This must be set to create a valid WebKDC::WebRequest. .IP "factor_token ([\s-1TOKEN\s0])" 4 .IX Item "factor_token ([TOKEN])" Retrieve or set the factor token, which contains a token given to the user's device in an earlier login to denote a successful multifactor login with that device. .IP "user ([\s-1USER\s0])" 4 .IX Item "user ([USER])" Retrieve or set the username of the authenticating user. This must be set to create a valid WebKDC::WebRequest. .SH "AUTHOR" .IX Header "AUTHOR" Roland Schemers and Russ Allbery .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBWebKDC\fR\|(3) .PP This module is part of WebAuth. The current version is available from .