WebAuth::Token::Request (WebAuth request tokens)
    my $token = WebAuth::Token::Request->new;
    $token->type ('id');
    $token->auth ('webkdc');
    $token->return_url ($url);
    $token->creation (time);
    print $token->encode ($keyring), "\n";
A WebAuth request token, sent by the WebAuth Application Server to the WebKDC to initiate a request.
This token has two forms. The first is sent by the WAS to the WebKDC via a redirect to request either an id or a proxy token for the user, depending on whether the WAS will need credentials. The second is sent to the WebKDC as part of a request for a service token and contains only the command and creation time. If the command() attribute is set, most other attributes must not be set.
Create a new, empty WebAuth::Token::Request. At least some attributes will have to be set using the accessor methods described below before the token can be used.
As with WebAuth module functions, failures are signaled by throwing WebAuth::Exception rather than by return status.
Generate the encoded and encrypted form of this token using the provided KEYRING. The encryption key used will be the one returned by the best_key() method of WebAuth::Keyring on that KEYRING.
Get or set the type of token requested. This can be either id to request only an id token, or proxy to request a proxy token that can be used to retrieve other types of tokens later.
Get or set the type of id token requested. This attribute is only used if the type() attribute is id. It should be set to either webkdc to request a bearer token or krb5 to request a token with a Kerberos authenticator.
Get or set the type of proxy token requested. This attribute is only used if the type() attribute is proxy. It currently will always be set to krb5, but must still be explicitly set when creating a new token.
Get or set the optional state data. If this data is provided, it will be returned by the WebKDC to the WebAuth Application Server as a second element in the URL. It is normally used to hold an app token that contains the session key used for WebKDC communication, encrypted in the private key of a WebAuth Application Server pool.
Get or set the return URL, which specifies the URL to which the user should be sent after successful authentication.
Get or set an optional comma-separated list of request options. For a complete list of supported options and their meanings, see the WebAuth protocol specification.
Get or set a comma-separated list of authentication factors that the user is required to use for initial authentication (the single sign-on transaction). For a list of possible factors and their meaning, see the WebAuth protocol specification.
Get or set a comma-separated list of authentication factors that the user is required to use to authenticate this session (this particular visit to this WebAuth Application Server). For a list of possible factors and their meaning, see the WebAuth protocol specification.
Get or set the level of assurance required for the user authentication. This is a number whose values are site-defined but for which increasing numbers represent increasing assurance for the authentication.
Get or set the XML element for which this token provides an authenticator. If this attribute is set, no attributes other than creation() should be set. This type of token is used inside an XML request to the WebKDC to authenticate that request via an encrypted token in the shared key established between the WebAuth Authentication Server and the WebKDC.
Get or set the creation timestamp for this token in seconds since epoch. If not set, the encoded token will have a creation time set to the time of encoding.
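The attribute rules described above (the two token forms, and the way the id and proxy token types depend on the type() attribute) can be checked before a token is encoded. The following Perl is an added example, not part of WebAuth or of this manual page: check_request_attrs is a hypothetical helper that works on a plain hash whose keys are assumed to be named after the accessors, and the sample inputs are constructed.

```perl
use strict;
use warnings;

# Hypothetical helper, not part of WebAuth: checks a plain hash of request
# token attributes against the rules stated in this manual page.  Keys are
# assumed to be named after the accessors (type, auth, proxy_type, command,
# creation, ...).  Returns a list of problems, empty if none were found.
sub check_request_attrs {
    my (%attr) = @_;
    my @problems;

    # Second form: authenticator for an XML request to the WebKDC.  Only
    # command and creation may be present.
    if (defined $attr{command}) {
        my @extra = sort grep { $_ ne 'command' && $_ ne 'creation' } keys %attr;
        push @problems, "command form must not set: @extra" if @extra;
        return @problems;
    }

    # First form: redirect requesting an id or a proxy token.
    my $type = $attr{type} // '';
    if ($type eq 'id') {
        my $auth = $attr{auth} // '';
        push @problems, 'type id needs auth of webkdc or krb5'
          unless $auth eq 'webkdc' || $auth eq 'krb5';
        push @problems, 'proxy_type is only used with type proxy'
          if defined $attr{proxy_type};
    } elsif ($type eq 'proxy') {
        push @problems, 'type proxy needs proxy_type set to krb5'
          unless ($attr{proxy_type} // '') eq 'krb5';
        push @problems, 'auth is only used with type id'
          if defined $attr{auth};
    } else {
        push @problems, 'type must be id or proxy';
    }
    return @problems;
}

# Constructed sample inputs: one valid id request, one proxy request that
# omits the proxy token type, and one that mixes the two token forms.
my @cases = (
    ['id request', type => 'id', auth => 'webkdc', return_url => 'https://was.example.org/app'],
    ['proxy without proxy_type', type => 'proxy', return_url => 'https://was.example.org/app'],
    ['mixed forms', command => 'getTokensRequest', type => 'id', creation => time],
);
for my $case (@cases) {
    my ($name, %attr) = @$case;
    my @problems = check_request_attrs(%attr);
    print "$name: ", (@problems ? join('; ', @problems) : 'ok'), "\n";
}
```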
Russ Allbery <eagle@eyrie.org>
WebAuth(3), WebAuth::Keyring(3), WebAuth::Token(3)
This module is part of WebAuth. The current version is available from <http://webauth.stanford.edu/>.