Provided by: libwebauth-perl_4.7.0-6build2_amd64

NAME

       WebAuth::Token::WebKDCProxy - WebAuth webkdc-proxy tokens

SYNOPSIS

           my $token = WebAuth::Token::WebKDCProxy->new;
           $token->subject ('user');
           $token->proxy_type ('webkdc');
           $token->proxy_subject ('WEBKDC:remuser');
           $token->expiration (time + 3600);
           print $token->encode ($keyring), "\n";

DESCRIPTION

       A WebAuth webkdc-proxy token, which stores user credentials or authentication information
       for later use by the WebKDC.  This is the token that's stored as a single sign-on cookie
       in the user's browser, allowing the user to authenticate to subsequent web sites without
       reauthenticating.  This token is also returned inside a proxy token to a WAS, which can
       then present it back to the WebKDC to obtain id or cred tokens.

CLASS METHODS

       new ()
           Create a new, empty WebAuth::Token::WebKDCProxy.  At least some attributes will have
           to be set using the accessor methods described below before the token can be used.

INSTANCE METHODS

       As with WebAuth module functions, failures are signaled by throwing WebAuth::Exception
       rather than by return status.

General Methods

       encode (KEYRING)
           Generate the encoded and encrypted form of this token using the provided KEYRING.  The
           encryption key used will be the one returned by the best_key() method of
           WebAuth::Keyring on that KEYRING.

Accessor Methods

       subject ([SUBJECT])
           Get or set the subject, which holds the authenticated identity of the user holding
           this token.

       proxy_type ([TYPE])
           Get or set the type of webkdc-proxy token this token represents, which generally
           represents the authentication mechanism.  The values in common use are "krb5", for a
           webkdc-proxy token that contains a Kerberos TGT, and "remuser", for a webkdc-proxy
           token created via an assertion from an external authentication mechanism.

       proxy_subject ([SUBJECT])
           Get or set the subject to which this webkdc-proxy token was granted.  For tokens
           created internally by the WebKDC for its own use, this will start with "WEBKDC:" and
           then include an identifier for the WebKDC.  For tokens provided to a WebAuth
           Application Server as part of a proxy token, this will contain the identity of the
           WebAuth Application Server.  When the webkdc-proxy token is checked, this subject is
           verified and only the named entity is permitted to use the token.

       data ([DATA])
           Get or set any data associated with the webkdc-proxy token.  For a token with
           proxy_type "krb5", this will be a Kerberos TGT encoded in the format created by the
           export_cred() function of the WebAuth::Krb5 module.

       initial_factors ([FACTORS])
           Get or set a comma-separated list of authentication factors used by the user during
           initial authentication (the single sign-on transaction).  For a list of possible
           factors and their meaning, see the WebAuth protocol specification.

       loa ([LOA])
           Get or set the level of assurance established for this user authentication.  This is a
           number whose values are site-defined but for which increasing numbers represent
           increasing assurance for the authentication.

       creation ([TIMESTAMP])
           Get or set the creation timestamp for this token in seconds since epoch.  If not set,
           the encoded token will have a creation time set to the time of encoding.

       expiration ([TIMESTAMP])
           Get or set the expiration timestamp for this token in seconds since epoch.
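
       The following is an added example, not part of the WebAuth distribution or its own
       checking code.  It sketches the kind of policy check the accessors above support:
       expiration, the proxy_subject binding, level of assurance, and initial factors.
       Local::FakeToken, check_proxy_token, the identities, and the factor codes are
       hypothetical names and constructed values.

```perl
use 5.010;
use strict;
use warnings;

# Hypothetical stand-in with the same accessor names as the token class, so
# the example runs without the WebAuth module installed.
package Local::FakeToken;
sub new { my ($class, %attrs) = @_; return bless {%attrs}, $class }
for my $name (qw(proxy_subject initial_factors loa expiration)) {
    no strict 'refs';
    *{"Local::FakeToken::$name"} = sub { $_[0]{$name} };
}

package main;

# Return the reasons to reject a token; an empty list means it is acceptable.
# $requester is the identity of the entity presenting the token.
sub check_proxy_token {
    my ($token, $requester, %need) = @_;
    my @errors;
    my $expires = $token->expiration();
    push @errors, 'expired or no expiration set'
        if !defined $expires || $expires <= time;
    # Only the entity named in proxy_subject may use the token.
    my $granted = $token->proxy_subject();
    push @errors, 'proxy_subject does not match requester'
        if !defined $granted || $granted ne $requester;
    push @errors, 'level of assurance too low'
        if defined $need{loa} && ($token->loa() // 0) < $need{loa};
    # initial_factors is a comma-separated list.
    my %have = map { $_ => 1 } split /,/, ($token->initial_factors() // '');
    push @errors, map { "missing factor $_" }
        grep { !$have{$_} } @{ $need{factors} || [] };
    return @errors;
}

# Constructed sample: a token the WebKDC created for its own use.
my $token = Local::FakeToken->new(
    proxy_subject   => 'WEBKDC:remuser',
    initial_factors => 'p',               # constructed factor code
    loa             => 1,
    expiration      => time + 3600,
);

# A different entity presenting it, with stricter requirements, is refused.
my @refused = check_proxy_token($token, 'krb5:webauth/was.example.org@EXAMPLE.ORG',
    loa => 2, factors => ['o']);
say for @refused;

# The entity named in proxy_subject, with no extra requirements, passes.
my @accepted = check_proxy_token($token, 'WEBKDC:remuser');
say 'accepted' if !@accepted;
```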

AUTHOR

       Russ Allbery <eagle@eyrie.org>

SEE ALSO

       WebAuth(3), WebAuth::Keyring(3), WebAuth::Krb5(3), WebAuth::Token(3)

       This module is part of WebAuth.  The current version is available from
       <http://webauth.stanford.edu/>.