Provided by: libwebauth-perl_4.7.0-3build1_amd64 
NAME
WebAuth::Token::WebKDCProxy - WebAuth webkdc-proxy tokens
SYNOPSIS
my $token = WebAuth::Token::WebKDCProxy->new;
$token->subject ('user');
$token->proxy_type ('webkdc');
$token->proxy_subject ('WEBKDC:remuser');
$token->expiration (time + 3600);
print $token->encode ($keyring), "\n";
DESCRIPTION
A WebAuth webkdc-proxy token, which stores user credentials or authentication information
for later use by the WebKDC. This is the token that's stored as a single sign-on cookie
in the user's browser, allowing the user to authenticate to subsequent web sites without
reauthenticating. This token is also returned inside a proxy token to a WAS, which can
then present it back to the WebKDC to obtain id or cred tokens.
CLASS METHODS
new ()
Create a new, empty WebAuth::Token::WebKDCProxy. At least some attributes will have
to be set using the accessor methods described below before the token can be used.
INSTANCE METHODS
As with WebAuth module functions, failures are signaled by throwing WebAuth::Exception
rather than by return status.
General Methods
encode (KEYRING)
Generate the encoded and encrypted form of this token using the provided KEYRING. The
encryption key used will be the one returned by the best_key() method of
WebAuth::Keyring on that KEYRING.
Accessor Methods
subject ([SUBJECT])
Get or set the subject, which holds the authenticated identity of the user holding
this token.
proxy_type ([TYPE])
Get or set the type of webkdc-proxy token this token represents, which generally
represents the authentication mechanism. The values in common use are "krb5", for a
webkdc-proxy token that contains a Kerberos TGT, and "remuser", for a webkdc-proxy
token created via an assertion from an external authentication mechanism.
proxy_subject ([SUBJECT])
Get or set the subject to which this webkdc-proxy token was granted. For tokens
created internally by the WebKDC for its own use, this will start with "WEBKDC:" and
then include an identifier for the WebKDC. For tokens provided to a WebAuth
Application Server as part of a proxy token, this will contain the identity of the
WebAuth Application Server. When the webkdc-proxy token is checked, this subject is
verified and only the named entity is permitted to use the token.
data ([DATA])
Get or set any data associated with the webkdc-proxy token. For a token with
proxy_type "krb5", this will be a Kerberos TGT encoded in the format created by the
export_cred() function of the WebAuth::Krb5 module.
initial_factors ([FACTORS])
Get or set a comma-separated list of authentication factors used by the user during
initial authentication (the single sign-on transaction). For a list of possible
factors and their meaning, see the WebAuth protocol specification.
loa ([LOA])
Get or set the level of assurance established for this user authentication. This is a
number whose values are site-defined but for which increasing numbers represent
increasing assurance for the authentication.
creation ([TIMESTAMP])
Get or set the creation timestamp for this token in seconds since epoch. If not set,
the encoded token will have a creation time set to the time of encoding.
expiration ([TIMESTAMP])
Get or set the expiration timestamp for this token in seconds since epoch.
AUTHOR
Russ Allbery <eagle@eyrie.org>
SEE ALSO
WebAuth(3), WebAuth::Keyring(3), WebAuth::Krb5(3), WebAuth::Token(3)
This module is part of WebAuth. The current version is available from
<http://webauth.stanford.edu/>.