.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "WebKDC::WebResponse 3pm" .TH WebKDC::WebResponse 3pm "2020-12-21" "perl v5.32.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" WebKDC::WebResponse \- Encapsulates a response from a WebAuth WebKDC .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& use WebKDC::WebResponse \& \& my $resp = WebKDC::WebResponse\->new; \& $resp\->subject ($user); \& $resp\->requester_subject ($req_subject); \& $resp\->response_token_type (\*(Aqid\*(Aq); \& $resp\->response_token ($id); \& $resp\->return_url ($url); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" A WebKDC::WebResponse object encapsulates a response from a WebAuth WebKDC, representing the result of a login attempt for a particular WebAuth Application Server. It is filled in by the WebKDC module as the result of a make_request_token_request call. The object has very little inherent functionality. It's mostly a carrier for data. .SH "CLASS METHODS" .IX Header "CLASS METHODS" .IP "new ()" 4 .IX Item "new ()" Create a new, empty WebKDC::WebResponse object. At least some parameters must be set using accessor functions as described below to do anything useful with the object. .SH "INSTANCE METHODS" .IX Header "INSTANCE METHODS" .IP "app_state ([\s-1STATE\s0])" 4 .IX Item "app_state ([STATE])" Returns or sets the application state token. If this is set in the response, the WebLogin server should return it to the WebAuth application server as the \s-1WEBAUTHS\s0 parameter in the \s-1URL.\s0 .IP "authz_subject ([\s-1SUBJECT\s0])" 4 .IX Item "authz_subject ([SUBJECT])" Retrieve or set the asserted authorization identity. This is an identity separate from the authentication identity that is vetted by the WebKDC and asserted for authorization purposes to the remote site. It is included in the id or proxy token, but is also included directly in the response for display reasons in the WebLogin code. .IP "default_device ([\s-1ID\s0])" 4 .IX Item "default_device ([ID])" Returns or sets the default device to use for obtaining a second factor. This may be set when the user's authentication was rejected because multifactor authentication was required, and is used by WebLogin as part of the prompting for the second factor authentication. .IP "default_factor ([\s-1FACTOR\s0])" 4 .IX Item "default_factor ([FACTOR])" Returns or sets the default authentication factor to use when a second authentication factor besides password is required. This may be set when the user's authentication was rejected because multifactor authentication was required, and is used by WebLogin as part of the prompting for the second factor authentication. .IP "devices ([\s-1RECORD, ...\s0])" 4 .IX Item "devices ([RECORD, ...])" Returns the list of devices for second authentication factors that the user has available, or adds a new one. If any parameters are given, they are device records that will be added to the list. Note that there is no way to remove an entry from the list once it has been added. .Sp Each \s-1RECORD\s0 should be an anonymous hash with a \f(CW\*(C`name\*(C'\fR key indicating the human-readable name of the device, a \f(CW\*(C`id\*(C'\fR key indicating the opaque identifier for the device, and a \f(CW\*(C`factors\*(C'\fR key, whose value is a reference to an array of factor codes that device supports. The \&\fBdefault_device()\fR attribute should match the \f(CW\*(C`id\*(C'\fR key of one of the device records, and the \fBdefault_factor()\fR attribute should match one of the factors listed for that device. .IP "factor_configured ([\s-1FACTOR, ...\s0])" 4 .IX Item "factor_configured ([FACTOR, ...])" .PD 0 .IP "factor_needed ([\s-1FACTOR, ...\s0])" 4 .IX Item "factor_needed ([FACTOR, ...])" .PD Returns or sets the authentication factors this user has configured or that the WebAuth application server requires. These are set when the user's authentication was rejected because multifactor authentication was required and are used by the WebLogin server to determine what factor to prompt for or to customize an error message explaining to the user what factors they need to configure. .IP "login_canceled_token ([\s-1LC\s0])" 4 .IX Item "login_canceled_token ([LC])" Returns or sets a login cancellation token. If the user decides to cancel this authentication, this token should be returned to the WebAuth application server as the \s-1WEBAUTHR\s0 parameter in the \s-1URL.\s0 .IP "login_history ([\s-1RECORD, ...\s0])" 4 .IX Item "login_history ([RECORD, ...])" Returns the list of login history records or adds new login history records. If any parameters are given, they are history records that will be added to the list. Note that there is no way to remove an entry from the list once it has been added. .Sp Each \s-1RECORD\s0 should be an anonymous hash with an \f(CW\*(C`ip\*(C'\fR key whose value is the \s-1IP\s0 address from which the user logged in and a \f(CW\*(C`timestamp\*(C'\fR key whose value is the time of that login in seconds since epoch. There may optionally be a \f(CW\*(C`hostname\*(C'\fR key that, if present, gives the hostname from which the user logged in. .IP "permitted_authz ([\s-1SUBJECT, ...\s0])" 4 .IX Item "permitted_authz ([SUBJECT, ...])" Returns the list of permitted authorization identities or sets them. If any parameters are given, the list of acceptable authorization identities is replaced with the list of subjects given. The permitted authorization identities are unique to this authenticated user and destination site. .IP "cookie (TYPE[, \s-1VALUE\s0][, \s-1EXPIRATION\s0])" 4 .IX Item "cookie (TYPE[, VALUE][, EXPIRATION])" Returns or sets a cookie of the specified type. The \s-1TYPE\s0 parameter should be the type of the cookie. The \s-1VALUE,\s0 if present, is the corresponding token, suitable for being set as a browser cookie. The \s-1EXPIRATION,\s0 if present, is the value the cookie expiration should be set for. Returns the token of the given type, if any is set. .IP "cookies ()" 4 .IX Item "cookies ()" Returns all cookies as a hash, whose keys are the types and whose values are the tokens. The returned hash is a reference to the hash inside the WebKDC::WebResponse object and therefore should not be modified by the caller. .IP "return_url ([\s-1URL\s0])" 4 .IX Item "return_url ([URL])" Returns or sets the return \s-1URL\s0 to which the user should be directed after authentication. .IP "requester_subject ([\s-1SUBJECT\s0])" 4 .IX Item "requester_subject ([SUBJECT])" Returns or sets the identity of the WebAuth application server that prompted this authentication attempt. .IP "response_token ([\s-1TOKEN\s0])" 4 .IX Item "response_token ([TOKEN])" .PD 0 .IP "response_token_type ([\s-1TYPE\s0])" 4 .IX Item "response_token_type ([TYPE])" .PD Returns or sets the token that is the result of the authentication attempt, or the type of that token. This will be either an id token or a proxy token, depending on what the WebAuth application server requested. .IP "subject ([\s-1SUBJECT\s0])" 4 .IX Item "subject ([SUBJECT])" Returns or sets the authenticated user identity. .IP "password_expiration ([\s-1EXPIRATION\s0])" 4 .IX Item "password_expiration ([EXPIRATION])" Returns or sets the password expiration time for the authenticating user, in seconds since \s-1UNIX\s0 epoch. .IP "user_message ([\s-1TEXT\s0])" 4 .IX Item "user_message ([TEXT])" Text passed back from the user information service as a message to display to the user as explanatory text. .SH "AUTHOR" .IX Header "AUTHOR" Roland Schemers and Russ Allbery .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBWebKDC\fR\|(3) .PP This module is part of WebAuth. The current version is available from .