NAME¶
WebKDC::WebResponse - Encapsulates a response from a WebAuth WebKDC
SYNOPSIS¶
use WebKDC::WebResponse
my $resp = WebKDC::WebResponse->new;
$resp->subject ($user);
$resp->requester_subject ($req_subject);
$resp->response_token_type ('id');
$resp->response_token ($id);
$resp->return_url ($url);
DESCRIPTION¶
A WebKDC::WebResponse object encapsulates a response from a WebAuth WebKDC,
representing the result of a login attempt for a particular WebAuth
Application Server. It is filled in by the WebKDC module as the result of a
make_request_token_request call. The object has very little inherent
functionality. It's mostly a carrier for data.
CLASS METHODS¶
- new ()
- Create a new, empty WebKDC::WebResponse object. At least some parameters
must be set using accessor functions as described below to do anything
useful with the object.
INSTANCE METHODS¶
- app_state ([STATE])
- Returns or sets the application state token. If this is set in the
response, the WebLogin server should return it to the WebAuth application
server as the WEBAUTHS parameter in the URL.
- authz_subject ([SUBJECT])
- Retrieve or set the asserted authorization identity. This is an identity
separate from the authentication identity that is vetted by the WebKDC and
asserted for authorization purposes to the remote site. It is included in
the id or proxy token, but is also included directly in the response for
display reasons in the WebLogin code.
- factor_configured ([FACTOR, ...])
- factor_needed ([FACTOR, ...])
- Returns or sets the authentication factors this user has configured or
that the WebAuth application server requires. These are set when the
user's authentication was rejected because multifactor authentication was
required and are used by the WebLogin server to determine what factor to
prompt for or to customize an error message explaining to the user what
factors they need to configure.
- login_canceled_token ([LC])
- Returns or sets a login cancellation token. If the user decides to cancel
this authentication, this token should be returned to the WebAuth
application server as the WEBAUTHR parameter in the URL.
- login_history ([RECORD, ...])
- Returns the list of login history records or adds new login history
records. If any parameters are given, they are history records that will
be added to the list. Note that there is no way to remove an entry from
the list once it has been added.
Each RECORD should be an anonymous hash with an "ip" key whose
value is the IP address from which the user logged in and a
"timestamp" key whose value is the time of that login in seconds
since epoch. There may optionally be a "hostname" key that, if
present, gives the hostname from which the user logged in.
- permitted_authz ([SUBJECT, ...])
- Returns the list of permitted authorization identities or sets them. If
any parameters are given, the list of acceptable authorization identities
is replaced with the list of subjects given. The permitted authorization
identities are unique to this authenticated user and destination
site.
- cookie (TYPE[, VALUE][, EXPIRATION])
- Returns or sets a cookie of the specified type. The TYPE parameter should
be the type of the cookie. The VALUE, if present, is the corresponding
token, suitable for being set as a browser cookie. The EXPIRATION, if
present, is the value the cookie expiration should be set for. Returns the
token of the given type, if any is set.
- cookies ()
- Returns all cookies as a hash, whose keys are the types and whose values
are the tokens. The returned hash is a reference to the hash inside the
WebKDC::WebResponse object and therefore should not be modified by the
caller.
- return_url ([URL])
- Returns or sets the return URL to which the user should be directed after
authentication.
- requester_subject ([SUBJECT])
- Returns or sets the identity of the WebAuth application server that
prompted this authentication attempt.
- response_token ([TOKEN])
- response_token_type ([TYPE])
- Returns or sets the token that is the result of the authentication
attempt, or the type of that token. This will be either an id token or a
proxy token, depending on what the WebAuth application server
requested.
- subject ([SUBJECT])
- Returns or sets the authenticated user identity.
- password_expiration ([EXPIRATION])
- Returns or sets the password expiration time for the authenticating user,
in seconds since UNIX epoch.
- user_message ([TEXT])
- Text passed back from the user information service as a message to display
to the user as explanatory text.
AUTHOR¶
Roland Schemers and Russ Allbery <eagle@eyrie.org>
SEE ALSO¶
WebKDC(3)
This module is part of WebAuth. The current version is available from
<
http://webauth.stanford.edu/>.