Edit

Share via

Authenticator Method API Call Sequence

  • Article

This topic provides the specific call sequence for the authenticator method API. During a typical EAP authentication session EAPHost makes a number of calls on an EAP method that implement the EAPHost authenticator method APIs.

The following list demonstrates the sequence of calls made by EAPHost on an EAP authenticator method.

  • The EAP authenticator first loads the EAP method DLL used for the specific authentication on a network policy server (NPS) or other authentication server.
  • Calls EapAuthenticatorGetInfo on the method with a populated EAP_TYPE structure to obtain a list of pointers to functions implemented on the DLL. Subsequent function calls by the authenticator methods (server) are assumed to be implemented on the DLL.
  • Calls EapAuthenticatorInitialize to instruct the EAP method library to prepare for at least one authentication session using this authenticator method.
  • Calls EapMethodAuthenticatorBeginSession to establish a unique authentication session.
  • Repeats the following steps until EapMethodAuthenticatorReceivePacket indicates that an authentication result is available.
    • Calls EapMethodAuthenticatorSendPacket with a pointer to a request packet to pass to the supplicant.
    • Calls EapMethodAuthenticatorReceivePacket to retrieve the response packet sent by the supplicant. This function returns a EAP_METHOD_AUTHENTICATOR_RESPONSE_ACTION code that indicates the next action the authenticator must take in the EAP authentication session.
    • If the action code is EAP_METHOD_AUTHENTICATOR_RESPONSE_RESPOND, it indicates that the EAP method has attributes available for the authenticator to retrieve and pass to the peer method. Authenticator calls EapMethodAuthenticatorGetAttributes to obtain the various EAP authentication attributes from the EAP authenticator method. After the authenticator processes the attributes it calls EapMethodAuthenticatorSetAttributes which provides updated EAP authentication attributes to set on the EAP authenticator method. This function returns a EAP_METHOD_AUTHENTICATOR_RESPONSE_ACTION code which determines the subsequent action.
  • If the action code is EAP_METHOD_AUTHENTICATOR_RESPONSE_RESULT, it indicates that the authenticator has determined the results of the authentication session, and those results are available to EAPHost. Authenticator calls EapMethodAuthenticatorGetResult and obtains the results of the authentication session.
  • This is followed by a call toEapMethodAuthenticatorEndSession to end the authentication session.
  • Finally, a call is made to EapMethodAuthenticatorShutdown to unload the authenticator method DLL.
  • Unloads the EAP method library.

EAP_METHOD_AUTHENTICATOR_RESPONSE_ACTION

Supplicant API Call Sequence

Peer Method API Call Sequence

EAPHost Call Sequences