GNU.WIKI: The GNU/Linux Knowledge Base

  [HOME] [PHP Manual] [HowTo] [ABS] [MAN1] [MAN2] [MAN3] [MAN4] [MAN5] [MAN6] [MAN7] [MAN8] [MAN9]

  [0-9] [Aa] [Bb] [Cc] [Dd] [Ee] [Ff] [Gg] [Hh] [Ii] [Jj] [Kk] [Ll] [Mm] [Nn] [Oo] [Pp] [Qq] [Rr] [Ss] [Tt] [Uu] [Vv] [Ww] [Xx] [Yy] [Zz]


NAME

       WebAuth::Token::Id - WebAuth id tokens

SYNOPSIS

           my $token = WebAuth::Token::Id->new;
           $token->subject ('user');
           $token->auth ('webkdc');
           $token->creation (time);
           $token->expiration (time + 3600);
           print $token->encode ($keyring), "
";

DESCRIPTION

       A WebAuth id token, which identifies a user to a WebAuth Authentication
       Server.  This token is sent from the WebKDC to the WAS following a user
       authentication to communicate the authentication information.

CLASS METHODS

       new ()
           Create a new, empty WebAuth::Token::Id.  At least some attributes
           will have to be set using the accessor methods described below
           before the token can be used.

INSTANCE METHODS

       As with WebAuth module functions, failures are signaled by throwing
       WebAuth::Exception rather than by return status.

General Methods

       encode (KEYRING)
           Generate the encoded and encrypted form of this token using the
           provided KEYRING.  The encryption key used will be the one returned
           by the best_key() method of WebAuth::Keyring on that KEYRING.

Accessor Methods

       subject ([SUBJECT])
           Get or set the subject, which holds the authenticated identity of
           the user holding this token.  This is set for tokens of
           authenticator type "webkdc", but not for tokens of authenticator
           type "krb5".

       authz_subject ([SUBJECT])
           Get or set the authorization subject, which holds the asserted
           authorization identity of the user holding this token.  The
           authorization identity may not match the authenticated identity.
           It represents a request to use the authorization identity instead
           of the authentication subject when applying ACLs or determining
           identity in the application.

       auth ([TYPE])
           Get or set the authentication type, which describes what type of
           authenticator is included in this token.  Currently will be one of
           the values "webkdc", indicating a bearer token, and "krb5",
           indicating that the token contains a Kerberos authenticator.

       auth_data ([DATA])
           Get or set the authentication data.  If the authenticator type is
           "krb5", this will hold a Kerberos authenticator such as is created
           by the make_auth() function of the WebAuth::Krb5 module.  It is raw
           binary data.

       initial_factors ([FACTORS])
           Get or set a comma-separated list of authentication factors used by
           the user during initial authentication (the single sign-on
           transaction).  For a list of possible factors and their meaning,
           see the WebAuth protocol specification.

       session_factors ([FACTORS])
           Get or set a comma-separated list of authentication factors used by
           the user to authenticate this session (this particular visit to
           this WebAuth Application Server).  For a list of possible factors
           and their meaning, see the WebAuth protocol specification.

       loa ([LOA])
           Get or set the level of assurance established for this user
           authentication.  This is a number whose values are site-defined but
           for which increasing numbers represent increasing assurance for the
           authentication.

       creation ([TIMESTAMP])
           Get or set the creation timestamp for this token in seconds since
           epoch.  If not set, the encoded token will have a creation time set
           to the time of encoding.

       expiration ([TIMESTAMP])
           Get or set the expiration timestamp for this token in seconds since
           epoch.

AUTHOR

       Russ Allbery <eagle@eyrie.org>

SEE ALSO

       WebAuth(3), WebAuth::Keyring(3), WebAuth::Krb5(3), WebAuth::Token(3)

       This module is part of WebAuth.  The current version is available from
       <http://webauth.stanford.edu/>.



  All copyrights belong to their respective owners. Other content (c) 2014-2018, GNU.WIKI. Please report site errors to webmaster@gnu.wiki.
Page load time: 0.109 seconds. Last modified: November 04 2018 12:49:43.