Authentication Token

authentication_token

The Authentication Token object represents standardized authentication tokens, tickets, or assertions that conform to established authentication protocols such as Kerberos, OIDC, and SAML. These tokens are issued by authentication servers and identity providers and carry protocol-specific metadata, lifecycle information, and security attributes defined by their respective specifications.

Attributes

CaptionNameTypeDescription
Created Timecreated_timeTimestampThe time that the authentication token was created.
Encryption Detailsencryption_detailsEncryption Details[]The encryption details of the authentication token.
Expiration Timeexpiration_timeTimestampThe expiration time of the authentication token.
Renewableis_renewableBooleanIndicates whether the authentication token is renewable.
Kerberos Flagskerberos_flagsStringA bitmask, either in hexadecimal or decimal form, which encodes various attributes or permissions associated with a Kerberos ticket. These flags delineate specific characteristics of the ticket, such as its renewability or forwardability.
Raw Dataraw_dataJSONGroup:context

The event data as received from the event source.
Record IDrecord_idStringGroup:primary

Unique identifier for the object
TypetypeStringThe type of the authentication token.
Type IDtype_idIntegerThe normalized authentication token type identifier.
  • 0: Unknown (UNKNOWN)
  • 1: Ticket Granting Ticket (TICKET_GRANTING_TICKET)
  • 2: Service Ticket (SERVICE_TICKET)
  • 3: Identity Token (IDENTITY_TOKEN)
  • 4: Refresh Token (REFRESH_TOKEN)
  • 5: SAML Assertion (SAML_ASSERTION)
  • 99: Other (OTHER)
UnmappedunmappedUnmapped[]Data from the source that was not mapped into the schema.

Relationships

Authentication Token shown in context

Inbound Relationships

These objects and events reference Authentication Token in their attributes:

Outbound Relationships

Authentication Token references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0