SSO EAPHost API Overview
This topic provides an overview of the EAPHost APIs that support Single-Sign-On (SSO). For specific SSO scenarios, see SSO EAPHost Scenarios.
The following enumerations support SSO.
|EAP_CONFIG_INPUT_FIELD_TYPE||Defines a set of possible input field types available when querying for user credentials.|
|EAP_INTERACTIVE_UI_DATA_TYPE||Specifies the types of interactive UI context data supplied to certain supplicant API calls.|
The following data structures support SSO.
|EAP_CONFIG_INPUT_FIELD_DATA||Contains the data associated with a single input field.|
|EAP_CONFIG_INPUT_FIELD_ARRAY||Contains a set of EAP_CONFIG_INPUT_FIELD_DATA structures that collectively contain the user input field data obtained from the user.|
|EAP_INTERACTIVE_UI_DATA||Contains configuration information for interactive UI components raised on an EAP supplicant.|
|EAP_CRED_REQ||Contains both the old and new EAP credentials for a credential change operations.|
|EAP_CRED_RESP||Contains both the old and new EAP credentials for a credential change operations.|
|EAP_CRED_EXPIRY_REQ||Contains both the old and new EAP credentials for credential expiry operations.|
|EAP_CRED_EXPIRY_RESP||Contains both the old and new EAP credentials for credential expiry operations.|
The following supplicant functions support SSO.
|EapHostPeerQueryInteractiveUIInputFields||Obtains the input fields for interactive UI components to be raised on the supplicant.||4|
|EapHostPeerQueryCredentialInputFields||Allows the user to determine what kind of credentials are required by the methods to perform authentication in a SSO scenario.||1|
|EapHostPeerQueryUIBlobFromInteractiveUIInputFields||Converts user information into a user BLOB that can be consumed by EAPHost run-time functions.||5|
|EapHostPeerQueryUserBlobFromCredentialInputFields||Obtains a credential BLOB that can be used to start authentication from user input received by the SSO UI.||2|
|EapHostPeerBeginSession||The supplicant uses the EAP_FLAG_PRE_LOGON flag to indicate that EAPHost should provide SSO. |
If the EapHostPeerResponseInvokeUI action code is returned, EAPHost calls EapPeerQueryInteractiveUIInputFields, and then calls EapHostPeerQueryUIBlobFromInteractiveUIInputFields
The following peer functions support SSO.
|EapPeerQueryInteractiveUIInputFields||Defines the implementation of an EAP method API that provides the input fields for interactive UI components to be raised on the supplicant.||4|
|EapPeerQueryCredentialInputFields||Defines the implementation of an EAP method-specific function that obtains the EAP SSO credential input fields for that EAP method.||1|
|EapPeerQueryUIBlobFromInteractiveUIInputFields||Converts user information into a user BLOB that can be consumed by EAPHost run-time functions.||5|
|EapPeerQueryUserBlobFromCredentialInputFields||Defines the implementation of an EAP method function that obtains the user BLOB data provided by the interactive SSO UI raised on the supplicant.||2|
|EapPeerBeginSession||The EAP_FLAG_PRE_LOGON flag indicates that EAPHost should provide SSO. |
If the EapPeerResponseInvokeUI action code is not returned, EAPHost proceeds with the regular, non SSO call sequence. For more information, see Peer Method API Call Sequence.