EAP-SIM authentication

  • Question

  • Hi

     

    We are having problems with UI during EAP-SIM authentication. Auth. communication between the RADIUS server and the smartcard can start only after the PIN code is verified. This is why, during the call to RasEapGetIdentity, our supplicant needs to bring up a dialog window in order to get the PIN code from the user. RasEapGetIdentity has a "dwflags" input parameter, which specifies the flag RAS_EAP_FLAG_NON_INTERACTIVE. When this flag is set, according to the documentation (http://msdn2.microsoft.com/en-us/library/aa363524.aspx), the supplicant should not bring up any UI and should return an error code when the PIN can't be determined in any other way. But we need to use the dialog window and I don't know WHY this RAS_EAP_FLAG_NON_INTERACTIVE flag is set... If I knew it I would be able to modify the supplicant (maybe) to use the UI properly. When the supplicant shows a dialog window while this flag is set, Windows Explorer (explorer.exe) crashes.

     

    Thank you

     

    Ondrej Svejkovsky

    Monday, March 10, 2008 3:32 PM

Answers

  •  

    When the flag “RAS_EAP_FLAG_NON_INTERACTIVE” is set and they want to raise a UI, the method should return error code: ERROR_INTERACTIVE_MODE. The supplicant will call RasEapGetIdentity() again without the flag “RAS_EAP_FLAG_NON_INTERACTIVE”.

     

    The reason for this behavior is because the first time RasEapGetIdentity() is called, the call is made in the service process (run as “local system”) and no UI should be raised from there. Once the “ERROR_INTERACTIVE_MODE” is returned, the next call to RasEapGetIdentity() will be made in the context of the explorer (i.e. run as current user), from which UI can be safely raised.

     

    Is that what you need?

     

     

    Thursday, May 1, 2008 1:22 AM
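
The two-call exchange described in the answer above, modelled as an added example that is not code from the thread or from Microsoft. `get_identity`, `host_get_pin`, `prompt_for_pin` and the cached-PIN parameter are hypothetical names, and the two `#define` values are placeholders so the sketch builds off Windows; a real EAP DLL uses the Windows SDK definitions.

```c
#include <stdio.h>

/* Placeholder values for this sketch only; in a real EAP DLL both names
   come from the Windows SDK headers. */
#ifndef RAS_EAP_FLAG_NON_INTERACTIVE
#define RAS_EAP_FLAG_NON_INTERACTIVE 0x2u
#endif
#ifndef ERROR_INTERACTIVE_MODE
#define ERROR_INTERACTIVE_MODE 0x7001u
#endif

static int ui_shown = 0;   /* counts how often the "dialog" was raised */

/* Hypothetical stand-in for the PIN dialog. */
static void prompt_for_pin(char *out, size_t n) {
    ui_shown++;
    snprintf(out, n, "%s", "0000");            /* constructed sample PIN */
}

/* Simplified model of the decision inside the method's RasEapGetIdentity(). */
unsigned get_identity(unsigned flags, const char *cached_pin, char *pin, size_t n) {
    if (cached_pin && *cached_pin) {           /* PIN already known: no UI needed */
        snprintf(pin, n, "%s", cached_pin);
        return 0;
    }
    if (flags & RAS_EAP_FLAG_NON_INTERACTIVE)  /* service context: never raise UI */
        return ERROR_INTERACTIVE_MODE;
    prompt_for_pin(pin, n);                    /* user context: dialog is allowed */
    return 0;
}

/* Model of the host: first call non-interactive, retry without the flag. */
unsigned host_get_pin(const char *cached_pin, char *pin, size_t n) {
    unsigned rc = get_identity(RAS_EAP_FLAG_NON_INTERACTIVE, cached_pin, pin, n);
    if (rc == ERROR_INTERACTIVE_MODE)
        rc = get_identity(0, cached_pin, pin, n);
    return rc;
}

int main(void) {
    char pin[16] = "";
    unsigned rc = host_get_pin(NULL, pin, sizeof pin);
    printf("rc=%u ui_shown=%d\n", rc, ui_shown);
    return rc != 0;
}
```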

All replies

  • Hi,
      I am running into a similar problem on wired and XP-SP3 platform. I have an EAP authentication method that needs to display a user interface to get the user credentials. During the first call to the RasEapGetIdentity function, I determine that the flag RAS_EAP_FLAG_NON_INTERACTIVE is set and return an error code of ERROR_INTERACTIVE_MODE. However, I find that the next call to the RasEapGetIdentity function from the supplicant on wired does not have this flag unset. I somehow need the context of the explorer. Is there a setting or an API call I can make to get the user context? I have tried this on a wireless setting and it all works fine!

    Any help is appreciated!

    Thanks,
    Sindhu
    Friday, April 3, 2009 11:21 PM