SSO EAPHost API Overview
This topic provides an overview of the EAPHost APIs that support Single-Sign-On (SSO). For specific SSO scenarios, see SSO EAPHost Scenarios.
The following enumerations support SSO.
|EAP_CONFIG_INPUT_FIELD_TYPE||Defines a set of possible input field types available when querying for user credentials.|
|EAP_INTERACTIVE_UI_DATA_TYPE||Specifies the types of interactive UI context data supplied to certain supplicant API calls.|
The following data structures support SSO.
|EAP_CONFIG_INPUT_FIELD_DATA||Contains the data associated with a single input field.|
|EAP_CONFIG_INPUT_FIELD_ARRAY||Contains a set of EAP_CONFIG_INPUT_FIELD_DATA structures that collectively contain the user input field data obtained from the user.|
|EAP_INTERACTIVE_UI_DATA||Contains configuration information for interactive UI components raised on an EAP supplicant.|
|EAP_CRED_REQ||Contains both the old and new EAP credentials for a credential change operations.|
|EAP_CRED_RESP||Contains both the old and new EAP credentials for a credential change operations.|
|EAP_CRED_EXPIRY_REQ||Contains both the old and new EAP credentials for credential expiry operations.|
|EAP_CRED_EXPIRY_RESP||Contains both the old and new EAP credentials for credential expiry operations.|
EAPHost Peer (Supplicant) APIs
The following supplicant functions support SSO.
|EapHostPeerQueryInteractiveUIInputFields||Obtains the input fields for interactive UI components to be raised on the supplicant.||4|
|EapHostPeerQueryCredentialInputFields||Allows the user to determine what kind of credentials are required by the methods to perform authentication in a SSO scenario.||1|
|EapHostPeerQueryUIBlobFromInteractiveUIInputFields||Converts user information into a user BLOB that can be consumed by EAPHost run-time functions.||5|
|EapHostPeerQueryUserBlobFromCredentialInputFields||Obtains a credential BLOB that can be used to start authentication from user input received by the SSO UI.||2|
|EapHostPeerBeginSession||The supplicant uses the EAP_FLAG_PRE_LOGON flag to indicate that EAPHost should provide SSO. If the EapHostPeerResponseInvokeUI action code is returned, EAPHost calls EapPeerQueryInteractiveUIInputFields, and then calls EapHostPeerQueryUIBlobFromInteractiveUIInputFields
If the EapHostPeerResponseInvokeUI action code is not returned, EAPHost proceeds with the regular, non SSO call sequence. For more information, see Supplicant API Call Sequence.
EAPHost Peer Method APIs
The following peer functions support SSO.
|EapPeerQueryInteractiveUIInputFields||Defines the implementation of an EAP method API that provides the input fields for interactive UI components to be raised on the supplicant.||4|
|EapPeerQueryCredentialInputFields||Defines the implementation of an EAP method-specific function that obtains the EAP SSO credential input fields for that EAP method.||1|
|EapPeerQueryUIBlobFromInteractiveUIInputFields||Converts user information into a user BLOB that can be consumed by EAPHost run-time functions.||5|
|EapPeerQueryUserBlobFromCredentialInputFields||Defines the implementation of an EAP method function that obtains the user BLOB data provided by the interactive SSO UI raised on the supplicant.||2|
|EapPeerBeginSession||The EAP_FLAG_PRE_LOGON flag indicates that EAPHost should provide SSO. In an SSO scenario if the EapPeerResponseInvokeUI action code is returned, EAPHost calls EapPeerQueryInteractiveUIInputFields, and then calls EapPeerQueryUserBlobFromCredentialInputFields
If the EapPeerResponseInvokeUI action code is not returned, EAPHost proceeds with the regular, non SSO call sequence. For more information, see Peer Method API Call Sequence.