SSO EAPHost API Overview

This topic provides an overview of the EAPHost APIs that support Single-Sign-On (SSO). For specific SSO scenarios, see SSO EAPHost Scenarios.

EAPHost Enumerations

The following enumerations support SSO.

| Name | Purpose |
| --- | --- |
| EAP_CONFIG_INPUT_FIELD_TYPE | Defines a set of possible input field types available when querying for user credentials. |
| EAP_INTERACTIVE_UI_DATA_TYPE | Specifies the types of interactive UI context data supplied to certain supplicant API calls. |

EAPHost Structures

The following data structures support SSO.

| Name | Purpose |
| --- | --- |
| EAP_CONFIG_INPUT_FIELD_DATA | Contains the data associated with a single input field. |
| EAP_CONFIG_INPUT_FIELD_ARRAY | Contains a set of EAP_CONFIG_INPUT_FIELD_DATA structures that collectively contain the user input field data obtained from the user. |
| EAP_INTERACTIVE_UI_DATA | Contains configuration information for interactive UI components raised on an EAP supplicant. |
| EAP_CRED_REQ | Contains both the old and new EAP credentials for a credential change operation. |
| EAP_CRED_RESP | Contains both the old and new EAP credentials for a credential change operation. |
| EAP_CRED_EXPIRY_REQ | Contains both the old and new EAP credentials for credential expiry operations. |
| EAP_CRED_EXPIRY_RESP | Contains both the old and new EAP credentials for credential expiry operations. |

EAPHost Peer (Supplicant) APIs

The following supplicant functions support SSO.

The EapHostPeerQueryCredentialInputFields and EapHostPeerQueryUserBlobFromCredentialInputFields functions are exclusive to SSO.

| Name | Purpose | Order Called |
| --- | --- | --- |
| EapHostPeerQueryInteractiveUIInputFields | Obtains the input fields for interactive UI components to be raised on the supplicant. | 4 |
| EapHostPeerQueryCredentialInputFields | Allows the user to determine what kind of credentials are required by the methods to perform authentication in an SSO scenario. | 1 |
| EapHostPeerQueryUIBlobFromInteractiveUIInputFields | Converts user information into a user BLOB that can be consumed by EAPHost run-time functions. | 5 |
| EapHostPeerQueryUserBlobFromCredentialInputFields | Obtains a credential BLOB that can be used to start authentication from user input received by the SSO UI. | 2 |
| EapHostPeerBeginSession | The supplicant uses the EAP_FLAG_PRE_LOGON flag to indicate that EAPHost should provide SSO. If the EapHostPeerResponseInvokeUI action code is returned, EAPHost calls EapPeerQueryInteractiveUIInputFields, and then calls EapHostPeerQueryUIBlobFromInteractiveUIInputFields. If the EapHostPeerResponseInvokeUI action code is not returned, EAPHost proceeds with the regular, non-SSO call sequence. For more information, see Supplicant API Call Sequence. | 3 |

EAPHost Peer Method APIs

The following peer functions support SSO.

The EapPeerQueryCredentialInputFields and EapPeerQueryUserBlobFromCredentialInputFields functions are exclusive to SSO.

| Name | Purpose | Order Called |
| --- | --- | --- |
| EapPeerQueryInteractiveUIInputFields | Defines the implementation of an EAP method API that provides the input fields for interactive UI components to be raised on the supplicant. | 4 |
| EapPeerQueryCredentialInputFields | Defines the implementation of an EAP method-specific function that obtains the EAP SSO credential input fields for that EAP method. | 1 |
| EapPeerQueryUIBlobFromInteractiveUIInputFields | Converts user information into a user BLOB that can be consumed by EAPHost run-time functions. | 5 |
| EapPeerQueryUserBlobFromCredentialInputFields | Defines the implementation of an EAP method function that obtains the user BLOB data provided by the interactive SSO UI raised on the supplicant. | 2 |
| EapPeerBeginSession | The EAP_FLAG_PRE_LOGON flag indicates that EAPHost should provide SSO. In an SSO scenario, if the EapPeerResponseInvokeUI action code is returned, EAPHost calls EapPeerQueryInteractiveUIInputFields, and then calls EapPeerQueryUserBlobFromCredentialInputFields. If the EapPeerResponseInvokeUI action code is not returned, EAPHost proceeds with the regular, non-SSO call sequence. For more information, see Peer Method API Call Sequence. | 3 |

SSO and PLAP

SSO EAPHost Scenarios