2.2.3.2.12 EapTtlsConnectionPropertiesV1

TtlsConfig: This type specifies the EAP configuration required for EAP-TTLS as specified in [RFC5281]. It is defined as a complex element containing the following elements:

ServerValidation: An optional element of type ServerValidationParameters (section 2.2.3.2.8). The ServerValidationParameters type is a complex element containing the following elements:

ServerNames: An optional string that specifies the list of servers to which the client can authenticate.

TrustedRootCAHashes: The thumbprint of a root certification authority that is trusted to issue server certificates, represented as a hexadecimal string of the certificate's SHA-1 hash. Zero or more elements can be present.

DisablePrompt: An optional Boolean that specifies method behavior in case the server's certificate is not trusted as per the TTLS connection profile. If TRUE, certificate errors will cause the connection to be refused. If FALSE, the user is prompted to manually accept or reject the certificate.

Phase2Authentication: An optional element of the Phase2AuthenticationParameters type. The Phase2AuthenticationParameters type is a complex element containing one of the following elements:

Eap: An element of type BaseEap (section 2.2.3.2.4) containing parameters for the inner EAP method.

PAPAuthentication: An empty string whose presence indicates that TTLS will attempt the PAP authentication protocol after the phase 1 tunnel is established, as specified in [RFC5281] section 11.2.5.

CHAPAuthentication: An empty string whose presence indicates that TTLS will attempt the CHAP authentication protocol after the phase 1 tunnel is established, as specified in [RFC5281] section 11.2.2.

MSCHAPAuthentication: An empty string whose presence indicates that TTLS will attempt the MSCHAP authentication protocol after the phase 1 tunnel is established, as specified in [RFC5281] section 11.2.3.

MSCHAPv2Authentication: An element of MSCHAPv2AuthenticationParameters type whose presence indicates that TTLS will attempt the MSCHAPv2 authentication protocol after the phase 1 tunnel is established, as specified in [RFC5281] section 11.2.4. The MSCHAPv2AuthenticationParameters type is a complex element containing the following element:

UseWinlogonCredentials: An optional Boolean element. If TRUE, MSCHAPv2 attempts to authenticate using the logged-on user's username and password. If FALSE or absent, it does not.

Phase1Identity: An optional element of Phase1IdentityParameters type. The Phase1IdentityParameters type is a complex element containing the following elements:

IdentityPrivacy: An optional Boolean that indicates whether IdentityPrivacy is enabled. If TRUE, an anonymous identity is substituted for the user's true identity.

AnonymousIdentity: Contains a Unicode string specifying an alternate identity used in place of a user's true identity. It is sent in the EAP identity response message during the TTLS authentication. Anonymous identity usage is determined by the IdentityPrivacy element.
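The following Python script is an added example, not part of this specification or of any Microsoft code. It parses a TtlsConfig element built from the elements described above and audits the settings that decide whether the TLS tunnel can be trusted: whether TrustedRootCAHashes pins the server certificate to a specific root, whether ServerNames restricts which servers may authenticate the client, whether DisablePrompt stops the user from accepting an untrusted certificate, which phase 2 method carries the credential, and whether IdentityPrivacy keeps the real username out of the unprotected phase 1 identity response. The two sample profiles are constructed; XML namespaces are omitted, ServerNames is assumed to be semicolon-separated, and the root hash is a placeholder value, all of which are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a weak profile. No pinned root, no server names,
# the user may accept an untrusted certificate, and the inner method is PAP,
# which carries the password in cleartext inside the tunnel. Namespaces omitted.
WEAK_PROFILE = """<TtlsConfig>
  <ServerValidation>
    <ServerNames></ServerNames>
    <DisablePrompt>false</DisablePrompt>
  </ServerValidation>
  <Phase2Authentication>
    <PAPAuthentication/>
  </Phase2Authentication>
  <Phase1Identity>
    <IdentityPrivacy>false</IdentityPrivacy>
  </Phase1Identity>
</TtlsConfig>"""

# Constructed sample: a hardened profile. The root hash is a placeholder value.
HARDENED_PROFILE = """<TtlsConfig>
  <ServerValidation>
    <ServerNames>radius.example.com</ServerNames>
    <TrustedRootCAHashes>0123456789abcdef0123456789abcdef01234567</TrustedRootCAHashes>
    <DisablePrompt>true</DisablePrompt>
  </ServerValidation>
  <Phase2Authentication>
    <MSCHAPv2Authentication>
      <UseWinlogonCredentials>true</UseWinlogonCredentials>
    </MSCHAPv2Authentication>
  </Phase2Authentication>
  <Phase1Identity>
    <IdentityPrivacy>true</IdentityPrivacy>
    <AnonymousIdentity>anonymous</AnonymousIdentity>
  </Phase1Identity>
</TtlsConfig>"""

# Child element name -> phase 2 method, from the Phase2AuthenticationParameters choice.
PHASE2_METHODS = {
    "Eap": "EAP",
    "PAPAuthentication": "PAP",
    "CHAPAuthentication": "CHAP",
    "MSCHAPAuthentication": "MSCHAP",
    "MSCHAPv2Authentication": "MSCHAPv2",
}
SHA1_HEX = re.compile(r"^[0-9a-fA-F]{40}$")  # SHA-1 thumbprint = 160 bits = 40 hex digits


def _text(parent, tag):
    """Stripped text of child <tag>, or None if the parent or child is absent."""
    elem = parent.find(tag) if parent is not None else None
    return None if elem is None else (elem.text or "").strip()


def _bool(value):
    """Parse an XML Schema boolean ('true'/'false'/'1'/'0'); None if absent."""
    return None if value is None else value.lower() in ("true", "1")


def parse_ttls_config(xml_text):
    """Extract the security-relevant fields of a TtlsConfig element."""
    root = ET.fromstring(xml_text)
    if root.tag != "TtlsConfig":
        raise ValueError("expected TtlsConfig root, got %s" % root.tag)
    sv = root.find("ServerValidation")
    names = _text(sv, "ServerNames")
    cfg = {
        # Assumption: semicolon-separated list (the spec text only says "list of servers").
        "server_names": [n.strip() for n in names.split(";") if n.strip()] if names else [],
        "trusted_roots": [(e.text or "").strip() for e in sv.findall("TrustedRootCAHashes")]
        if sv is not None else [],
        "disable_prompt": _bool(_text(sv, "DisablePrompt")),
        "phase2": None,
        "use_winlogon": None,
    }
    p2 = root.find("Phase2Authentication")
    if p2 is not None:
        for child in p2:  # the type holds exactly one of the method elements
            if child.tag in PHASE2_METHODS:
                cfg["phase2"] = PHASE2_METHODS[child.tag]
                if child.tag == "MSCHAPv2Authentication":
                    cfg["use_winlogon"] = _bool(_text(child, "UseWinlogonCredentials"))
                break
    p1 = root.find("Phase1Identity")
    cfg["identity_privacy"] = _bool(_text(p1, "IdentityPrivacy"))
    cfg["anonymous_identity"] = _text(p1, "AnonymousIdentity")
    return cfg


def audit_ttls_config(cfg):
    """Return a list of finding codes; an empty list means no weakness detected."""
    findings = []
    if not cfg["trusted_roots"]:
        findings.append("no-trusted-root")      # any OS-trusted root may issue the server cert
    for h in cfg["trusted_roots"]:
        if not SHA1_HEX.match(h.replace(" ", "")):
            findings.append("invalid-root-hash:" + h)
    if not cfg["server_names"]:
        findings.append("no-server-names")      # no restriction on which server may answer
    if not cfg["disable_prompt"]:
        findings.append("prompt-allowed")       # user can click through a certificate error
    if cfg["phase2"] in ("PAP", "CHAP", "MSCHAP"):
        findings.append("inner-" + cfg["phase2"])  # legacy inner method relies wholly on the tunnel
    elif cfg["phase2"] is None:
        findings.append("no-phase2-method")
    if not cfg["identity_privacy"]:
        findings.append("no-identity-privacy")  # real username sent in the phase 1 identity response
    elif not cfg["anonymous_identity"]:
        findings.append("identity-privacy-without-anonymous-identity")
    return findings


if __name__ == "__main__":
    for label, xml in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(label, audit_ttls_config(parse_ttls_config(xml)))
```

The audit treats the ServerValidation elements as a unit: a pinned root without ServerNames still lets any server holding a certificate from that CA terminate the tunnel, and either one without DisablePrompt set to TRUE can be overridden by the user at the prompt. The phase 2 findings matter because PAP, CHAP and MSCHAP have no protection of their own once the tunnel endpoint is wrong, which is why the tunnel checks come first.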