Provided by: libwebauth-perl_4.5.5-2_amd64 
NAME
WebAuth::Token::WebKDCProxy - WebAuth webkdc-proxy tokens
SYNOPSIS
my $token = WebAuth::Token::WebKDCProxy->new;
$token->subject ('user');
$token->proxy_type ('webkdc');
$token->proxy_subject ('WEBKDC:remuser');
$token->expiration (time + 3600);
print $token->encode ($keyring), "\n";
DESCRIPTION
A WebAuth webkdc-proxy token, which stores user credentials or authentication information for later use
by the WebKDC. This is the token that's stored as a single sign-on cookie in the user's browser,
allowing the user to authenticate to subsequent web sites without reauthenticating. This token is also
returned inside a proxy token to a WAS, which can then present it back to the WebKDC to obtain id or cred
tokens.
CLASS METHODS
new ()
Create a new, empty WebAuth::Token::WebKDCProxy. At least some attributes will have to be set using
the accessor methods described below before the token can be used.
INSTANCE METHODS
As with WebAuth module functions, failures are signaled by throwing WebAuth::Exception rather than by
return status.
General Methods
encode (KEYRING)
Generate the encoded and encrypted form of this token using the provided KEYRING. The encryption key
used will be the one returned by the best_key() method of WebAuth::Keyring on that KEYRING.
Accessor Methods
subject ([SUBJECT])
Get or set the subject, which holds the authenticated identity of the user holding this token.
proxy_type ([TYPE])
Get or set the type of webkdc-proxy token this token represents, which generally represents the
authentication mechanism. The values in common use are "krb5", for a webkdc-proxy token that
contains a Kerberos TGT, and "remuser", for a webkdc-proxy token created via an assertion from an
external authentication mechanism.
proxy_subject ([SUBJECT])
Get or set the subject to which this webkdc-proxy token was granted. For tokens created internally
by the WebKDC for its own use, this will start with "WEBKDC:" and then include an identifier for the
WebKDC. For tokens provided to a WebAuth Application Server as part of a proxy token, this will
contain the identity of the WebAuth Application Server. When the webkdc-proxy token is checked, this
subject is verified and only the named entity is permitted to use the token.
data ([DATA])
Get or set any data associated with the webkdc-proxy token. For a token with proxy_type "krb5", this
will be a Kerberos TGT encoded in the format created by the export_cred() function of the
WebAuth::Krb5 module.
initial_factors ([FACTORS])
Get or set a comma-separated list of authentication factors used by the user during initial
authentication (the single sign-on transaction). For a list of possible factors and their meaning,
see the WebAuth protocol specification.
loa ([LOA])
Get or set the level of assurance established for this user authentication. This is a number whose
values are site-defined but for which increasing numbers represent increasing assurance for the
authentication.
creation ([TIMESTAMP])
Get or set the creation timestamp for this token in seconds since epoch. If not set, the encoded
token will have a creation time set to the time of encoding.
expiration ([TIMESTAMP])
Get or set the expiration timestamp for this token in seconds since epoch.
AUTHOR
Russ Allbery <rra@stanford.edu>
SEE ALSO
WebAuth(3), WebAuth::Keyring(3), WebAuth::Krb5(3), WebAuth::Token(3)
This module is part of WebAuth. The current version is available from <http://webauth.stanford.edu/>.