2.2.3.2.13 EapTeapConnectionPropertiesV1

TeapConfig: This type specifies the EAP configuration required for EAP-TEAP, as specified in [RFC7170]. It is defined as a complex element containing the following elements:

ServerValidation: An optional element of type ServerValidationParameters. The ServerValidationParameters type is a complex element containing the following elements:

ServerNames: An optional string that specifies the list of servers to which the client can authenticate.

TrustedRootCAHashes: The thumbprint of a root certification authority that is trusted to issue server certificates, represented as a hexadecimal string of the certificate's [SHA256] hash. Zero or more elements can be present.

DownloadTrustedServerRoot: An optional Boolean that specifies method behavior in case the server's certificate is not trusted and the user manually accepts the certificate. If TRUE, additional server certificates pushed by the server will be added to the TrustedRootCAHashes element after a successful connection. If FALSE, no additional certificates pushed by the server will be added to the TrustedRootCAHashes element.

DisablePrompt: An optional Boolean that specifies method behavior in case the server's certificate is not trusted as per the TEAP connection profile. If TRUE, certificate errors will cause the connection to be refused. If FALSE, the user is prompted to manually accept or reject the certificate.

Phase2Authentication: An optional element of type Phase2AuthenticationParameters. The Phase2AuthenticationParameters type is a complex element containing the following elements:

InnerMethodConfig: An optional element of type InnerMethodConfigParameters. The InnerMethodConfigParameters type is a complex element containing the following elements:

Eap: An element of type 2.2.3.2.1BaseEap (section 2.2.3.2.4) containing parameters for the inner EAP method.

Phase1Identity: An optional element of Phase1IdentityParameters type. The Phase1IdentityParameters type is a complex element containing the following elements:

IdentityPrivacy: An optional Boolean that indicates whether IdentityPrivacy is enabled during Phase 1 of TEAP authentication, as specified in [RFC7170] section 7.4.1, when Identity is sent as clear text. If TRUE, an anonymous identity is substituted for the user's true identity. The identity used is determined by the AnonymousIdentity element. If AnonymousIdentity is not specified, an empty string identity will be used.

AnonymousIdentity: Contains a Unicode string, as specified in [RFC3748] section 5.1, specifying an alternate identity used in place of a user's true identity. It is sent in the EAP identity response message during TEAP authentication. Anonymous identity usage is determined by the IdentityPrivacy element. If IdentityPrivacy is FALSE, AnonymousIdentity is ignored.