Configuring the EAP Method User Interface
This topic explains how to configure the supplicant by supplying an EAP method configuration to EAPHost.
For a supplicant to perform an EAP-based authentication using EAPHost, a supplicant must supply an EAP method configuration to EAPHost through the EapHostPeerBeginSession function.
To obtain the EAP method configuration, a supplicant typically queries EAPHost using EapHostPeerGetMethods to learn the complete set of EAP methods that are available and installed on the local machine. The list of methods is typically presented to the user in a combination box or other UI control that allows the user to select the method they want.
Note
The supplicant may choose to filter the displayed list of methods based on the method property bits indicated in EAP_METHOD_INFO.eapProperties. Some methods may not be appropriate for the security characteristics of the transport provided by the supplicant, for example.
Once the UI control is populated with the set of possible EAP methods, the user selects the method they want to configure. Typically, the supplicant provides a Configuration or Properties button for the user to access configuration properties of the selected EAP method.
Note
The supplicant is aware that there are user-configurable properties based on the eapPropSupportsConfig bit being enabled in EAP_METHOD_INFO.eapProperties.
For more information, see EAP Method Properties.
When the user clicks the appropriate UI control, the supplicant calls EapHostPeerInvokeConfigUI, passing into the function the HWND value for the supplicant's own UI, the EAP_METHOD_TYPE structure obtained from the query to EAP_METHOD_INFO structure and other required parameters.
Calling EapHostPeerInvokeConfigUI invokes an EAP method's own configuration UI. On return from EapHostPeerInvokeConfigUI, the function will return an EAP method configuration BLOB as an out-parameter.
The supplicant stores the configuration BLOB, along with the EAP_METHOD_TYPE structure for use with EapHostPeerBeginSession.
The precise method for storing the configuraiton BLOB is entirely up to the supplicant. However, the supplicant should always store the configuration in a suitable, secure manner appropriate for system and user authentication configuration data.
Related topics