SSO Password Change Behavior
This topic provides a step-by-step approach for resolving SSO password change behavior.
Step-By-Step Approach
The following list represents a step-by-step approach for resolving SSO password change behavior.
Once the EAP method is notified about a password change, the method notifies EAPHost; EAPHost in turn notifies the supplicant by returning the action code, EapHostPeerResponseInvokeUI.
After receiving the EapHostPeerResponseInvokeUI action code from EAPHost, the supplicant obtains the UI context from the EAP method by calling the EapHostPeerGetUIContext function; EAPHost then obtains the UI context from the EAP method by calling the corresponding method function
The supplicant passes the UI context to the UI process (using some form of inter-process communication).
The UI process calls EapHostPeerQueryInteractiveUIInputFields on EAPHost.
EAPHost collects the UI context by calling EapPeerQueryInteractiveUIInputFields on the EAP method.
The EAP method provides any necessary UI context information in the EAP_INTERACTIVE_UI_DATA structure, where dwDataType is set to EapCredExpiryReq and pbUiData points to a structure of type EAP_CRED_REQ.
While populating the EAP_INTERACTIVE_UI_DATA structure, this EAP method will only fill in the curCreds parameter, and not set the EAP_UI_INPUT_FIELD_PROPS_READ_ONLY flag in the EAP_CONFIG_INPUT_FIELD_DATA structure.
Note
The EAP_UI_INPUT_FIELD_PROPS_READ_ONLY flag is for member field(s) which need to be changed.
Having collected the UI context informtion, the UI process renders a UI to collect change password information from the user. This information is populated in the NewCreds parameter of the EAP_CRED_EXPIRY_REQ structure.
The UI process passes the EAP_CRED_RESP structure back to EAPHost via EapHostPeerQueryUIBlobFromInteractiveUIInputFields.
The UI process passes this user BLOB to the supplicant, and the supplicant continues with EAPHost run-time functions as usual.
Related topics