Version set to 1.0-alpha16

Estimated flag to enable TLS 1.3 once available added
Schannel tweaked to support TLS 1.2 now
2016-08-31 18:40:45 +02:00 · 2016-08-31 18:40:28 +02:00 · 2016-08-31 18:13:24 +02:00 · 2016-08-31 17:41:22 +02:00 · 2016-08-31 17:13:59 +02:00 · 2016-08-31 16:50:12 +02:00
31 changed files with 2276 additions and 547 deletions
--- a/EAPMethods/locale/EAPMethods.pot
+++ b/EAPMethods/locale/EAPMethods.pot
@@ -2,7 +2,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: EAPMethods\n"
-"POT-Creation-Date: 2016-08-28 23:08+0200\n"
+"POT-Creation-Date: 2016-08-31 17:41+0200\n"
 "PO-Revision-Date: 2016-06-02 12:27+0200\n"
 "Last-Translator: Simon Rozman <simon.rozman@amebis.si>\n"
 "Language-Team: Amebis, d. o. o., Kamnik <info@amebis.si>\n"
@@ -20,152 +20,188 @@ msgstr ""
 "X-Poedit-SearchPath-4: EAPMethods\n"
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:37
-msgid "Advanced..."
+msgid "+"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:38
 msgid "Adds new provider"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:42
 msgid "-"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:43
 msgid "Removes selected provider"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:47
 msgid "Advanced..."
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:48
 msgid "Opens dialog with provider settings"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:174 lib/EAPBase_UI/res/wxEAP_UI.cpp:299
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:230 lib/EAPBase_UI/res/wxEAP_UI.cpp:355
 msgid "Client Credentials"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:185
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:241
 msgid "Manage credentials used to connect."
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:198
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:254
 msgid "Use &own credentials:"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:199
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:255
 msgid "Select this option if you have your unique credentials to connect"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:204
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:260
 msgid "Your credentials loaded from Windows Credential Manager"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:214
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:270
 msgid "&Clear Credentials"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:215
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:271
 msgid ""
 "Click to clear your credentials from Credential Manager.\n"
 "Note: You will be prompted to enter credentials when connecting."
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:219 lib/EAPBase_UI/res/wxEAP_UI.cpp:252
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:275 lib/EAPBase_UI/res/wxEAP_UI.cpp:308
 msgid "&Set Credentials..."
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:220 lib/EAPBase_UI/res/wxEAP_UI.cpp:253
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:276 lib/EAPBase_UI/res/wxEAP_UI.cpp:309
 msgid "Click here to set or modify your credentials"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:236
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:292
 msgid "Use &pre-shared credentials:"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:237
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:293
 msgid "Select this options if all clients connect using the same credentials"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:242
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:298
 msgid "Common (pre-shared) credentials"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:310
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:366
 msgid "Please provide your user ID and password."
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:320
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:376
 msgid "User ID:"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:325
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:381
 msgid "Enter your user name here (user@domain.org, DOMAIN\\User, etc.)"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:329
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:385
 msgid "Password:"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:334
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:390
 msgid "Enter your password here"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:341 lib/TLS_UI/res/wxTLS_UI.cpp:183
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:397 lib/TLS_UI/res/wxTLS_UI.cpp:183
 msgid "&Remember"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:342
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:398
 msgid "Check if you would like to save username and password"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:364
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:420
 msgid "Your Organization"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:375
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:431
 msgid "Describe your organization to customize user prompts.  When organization is introduced, end-users find program messages easier to understand and act."
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:382
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:438
 msgid "Your organization &name:"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:387
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:443
 msgid "Your organization name as it will appear on helpdesk contact notifications"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:391
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:447
 msgid "(Keep it short, please)"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:401
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:457
 msgid "Helpdesk contact &information:"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:411
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:467
 msgid "¶"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:418
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:474
 msgid "Your helpdesk website address"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:422
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:478
 msgid "*"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:429
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:485
 msgid "Your helpdesk e-mail address"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:433
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:489
 msgid ")"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:440
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:496
 msgid "Your helpdesk phone number"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:468
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:524
 msgid "Provider Unique Identifier"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:535
 msgid "Assign your organization a unique ID to allow sharing the same credential set across different network profiles."
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:542
 msgid "Provider unique &identifier:"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:547
 msgid "Your organization ID to assign same credentials from other profiles"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:551
 msgid "(Examples: contoso.com, DOT-UK, etc.)"
 msgstr ""
 #: lib/EAPBase_UI/res/wxEAP_UI.cpp:576
 msgid "Configuration Lock"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:479
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:587
 msgid "Your configuration can be locked to prevent accidental modification by end-users. Users will only be allowed to enter credentials."
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:486
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:594
 msgid "&Lock this configuration and prevent any further modification via user interface."
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.cpp:489
+#: lib/EAPBase_UI/res/wxEAP_UI.cpp:597
 msgid "(Warning: Once locked, you can not revert using this dialog!)"
 msgstr ""
@@ -174,47 +210,52 @@ msgstr ""
 msgid "%s Credentials"
 msgstr ""
-#: lib/EAPBase_UI/src/EAP_UI.cpp:128
+#: lib/EAPBase_UI/src/EAP_UI.cpp:123 lib/EAPBase_UI/include/EAP_UI.h:351
 #: lib/EAPBase_UI/include/EAP_UI.h:361 lib/EAPBase_UI/res/wxEAP_UI.h:118
 msgid "EAP Credentials"
 msgstr ""
 #: lib/EAPBase_UI/src/EAP_UI.cpp:166
 #, c-format
 msgid "For additional help and instructions, please contact %s at:"
 msgstr ""
-#: lib/EAPBase_UI/src/EAP_UI.cpp:130
+#: lib/EAPBase_UI/src/EAP_UI.cpp:168
 #, c-format
 msgid "your %ls provider"
 msgstr ""
-#: lib/EAPBase_UI/src/EAP_UI.cpp:130
+#: lib/EAPBase_UI/src/EAP_UI.cpp:168
 msgid "your provider"
 msgstr ""
-#: lib/EAPBase_UI/src/EAP_UI.cpp:149
+#: lib/EAPBase_UI/src/EAP_UI.cpp:187
 msgid "Open the default web browser"
 msgstr ""
-#: lib/EAPBase_UI/src/EAP_UI.cpp:160
+#: lib/EAPBase_UI/src/EAP_UI.cpp:198
 msgid "Open your e-mail program"
 msgstr ""
-#: lib/EAPBase_UI/src/EAP_UI.cpp:171
+#: lib/EAPBase_UI/src/EAP_UI.cpp:209
 msgid "Dial the phone number"
 msgstr ""
-#: lib/EAPBase_UI/src/EAP_UI.cpp:191
+#: lib/EAPBase_UI/src/EAP_UI.cpp:229
 #, c-format
 msgid "%s has pre-set parts of this configuration. Those parts are locked to prevent accidental modification."
 msgstr ""
-#: lib/EAPBase_UI/src/EAP_UI.cpp:193
+#: lib/EAPBase_UI/src/EAP_UI.cpp:231
 #, c-format
 msgid "Your %ls provider"
 msgstr ""
-#: lib/EAPBase_UI/src/EAP_UI.cpp:193
+#: lib/EAPBase_UI/src/EAP_UI.cpp:231
 msgid "Your provider"
 msgstr ""
-#: lib/EAPBase_UI/src/EAP_UI.cpp:213
+#: lib/EAPBase_UI/src/EAP_UI.cpp:251
 msgid "Previous attempt to connect failed. Please, make sure your credentials are correct, or try again later."
 msgstr ""
@@ -388,14 +429,14 @@ msgstr ""
 msgid "Custom outer identity to use"
 msgstr ""
-#: lib/TTLS_UI/src/Module.cpp:249 lib/TTLS_UI/src/Module.cpp:259
+#: lib/TTLS_UI/src/Module.cpp:272 lib/TTLS_UI/src/Module.cpp:282
-#: lib/EAPBase_UI/include/EAP_UI.h:584
+#: lib/EAPBase_UI/include/EAP_UI.h:690
 #, c-format
 msgid "Error writing credentials to Credential Manager: %hs (error %u)"
 msgstr ""
-#: lib/TTLS_UI/src/Module.cpp:251 lib/TTLS_UI/src/Module.cpp:261
+#: lib/TTLS_UI/src/Module.cpp:274 lib/TTLS_UI/src/Module.cpp:284
-#: lib/EAPBase_UI/include/EAP_UI.h:587
+#: lib/EAPBase_UI/include/EAP_UI.h:693
 msgid "Writing credentials failed."
 msgstr ""
@@ -415,42 +456,47 @@ msgstr ""
 msgid "Outer Authentication"
 msgstr ""
-#: lib/EAPBase_UI/include/EAP_UI.h:283
+#: lib/EAPBase_UI/include/EAP_UI.h:288
-msgid "EAP Credentials"
+#, c-format
 msgid "Are you sure you want to permanently remove %ls provider from configuration?"
 msgstr ""
-#: lib/EAPBase_UI/include/EAP_UI.h:443
+#: lib/EAPBase_UI/include/EAP_UI.h:288
 msgid "Warning"
 msgstr ""
 #: lib/EAPBase_UI/include/EAP_UI.h:548
 msgid "Provider Settings"
 msgstr ""
-#: lib/EAPBase_UI/include/EAP_UI.h:600
+#: lib/EAPBase_UI/include/EAP_UI.h:706
 #, c-format
 msgid "Deleting credentials failed (error %u)."
 msgstr ""
-#: lib/EAPBase_UI/include/EAP_UI.h:633
+#: lib/EAPBase_UI/include/EAP_UI.h:739
 #, c-format
 msgid "<error %u>"
 msgstr ""
-#: lib/EAPBase_UI/include/EAP_UI.h:637
+#: lib/EAPBase_UI/include/EAP_UI.h:743
 msgid "<error>"
 msgstr ""
-#: lib/EAPBase_UI/include/EAP_UI.h:646 lib/EAPBase_UI/include/EAP_UI.h:657
+#: lib/EAPBase_UI/include/EAP_UI.h:754 lib/EAPBase_UI/include/EAP_UI.h:763
-msgid "<empty credentials>"
+msgid "<empty>"
 msgstr ""
-#: lib/EAPBase_UI/include/EAP_UI.h:649 lib/EAPBase_UI/include/EAP_UI.h:660
+#: lib/EAPBase_UI/include/EAP_UI.h:754 lib/EAPBase_UI/include/EAP_UI.h:763
-msgid "<blank identity>"
+msgid "<blank ID>"
 msgstr ""
-#: lib/EAPBase_UI/include/EAP_UI.h:866
+#: lib/EAPBase_UI/include/EAP_UI.h:968
 msgid "<Your Organization>"
 msgstr ""
-#: lib/EAPBase_UI/res/wxEAP_UI.h:64
+#: lib/EAPBase_UI/res/wxEAP_UI.h:68
-msgid "EAP Method Configuration"
+msgid "EAP Connection Configuration"
 msgstr ""
 #: EAPMethods/MSIBuild/En.Win32.Release.Feature-2.idtx:3
--- a/EAPMethods/src/Main_UI.cpp
+++ b/EAPMethods/src/Main_UI.cpp
@@ -193,17 +193,17 @@ DWORD WINAPI EapPeerConfigBlob2Xml(
        HRESULT hr;
        // Create configuration XML document.
-        com_obj<IXMLDOMDocument2> pDoc;
+        com_obj<IXMLDOMDocument2> pConfigDoc;
-        if (FAILED(hr = pDoc.create(CLSID_DOMDocument60, NULL, CLSCTX_INPROC_SERVER))) {
+        if (FAILED(hr = pConfigDoc.create(CLSID_DOMDocument60, NULL, CLSCTX_INPROC_SERVER))) {
            g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error creating XML document.")));
            return dwResult;
        }
-        pDoc->put_async(VARIANT_FALSE);
+        pConfigDoc->put_async(VARIANT_FALSE);
        // Load empty XML configuration.
        VARIANT_BOOL isSuccess = VARIANT_FALSE;
-        if (FAILED((hr = pDoc->loadXML(L"<Config xmlns=\"http://www.microsoft.com/provisioning/EapHostConfig\"><EAPIdentityProviderList xmlns=\"urn:ietf:params:xml:ns:yang:ietf-eap-metadata\"></EAPIdentityProviderList></Config>", &isSuccess)))) {
+        if (FAILED((hr = pConfigDoc->loadXML(L"<Config xmlns=\"http://www.microsoft.com/provisioning/EapHostConfig\"></Config>", &isSuccess)))) {
            g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = HRESULT_CODE(hr), _T(__FUNCTION__) _T(" Error loading XML document template.")));
            return dwResult;
        }
@@ -214,16 +214,16 @@ DWORD WINAPI EapPeerConfigBlob2Xml(
        // Select <Config> node.
        com_obj<IXMLDOMNode> pXmlElConfig;
-        pDoc->setProperty(bstr(L"SelectionNamespaces"), variant(L"xmlns:eaphostconfig=\"http://www.microsoft.com/provisioning/EapHostConfig\""));
+        pConfigDoc->setProperty(bstr(L"SelectionNamespaces"), variant(L"xmlns:eaphostconfig=\"http://www.microsoft.com/provisioning/EapHostConfig\""));
-        if (FAILED(eapxml::select_node(pDoc, bstr(L"eaphostconfig:Config"), &pXmlElConfig))) {
+        if (FAILED(eapxml::select_node(pConfigDoc, bstr(L"eaphostconfig:Config"), &pXmlElConfig))) {
            g_peer.log_error(*ppEapError = g_peer.make_error(dwResult = ERROR_NOT_FOUND, _T(__FUNCTION__) _T(" Error selecting <Config> element.")));
            return dwResult;
        }
        // Save configuration.
-        pDoc->setProperty(bstr(L"SelectionNamespaces"), variant(L"xmlns:eap-metadata=\"urn:ietf:params:xml:ns:yang:ietf-eap-metadata\""));
+        pConfigDoc->setProperty(bstr(L"SelectionNamespaces"), variant(L"xmlns:eap-metadata=\"urn:ietf:params:xml:ns:yang:ietf-eap-metadata\""));
        try {
-            g_peer.config_blob2xml(dwFlags, pConnectionData, dwConnectionDataSize, pDoc, pXmlElConfig);
+            g_peer.config_blob2xml(dwFlags, pConnectionData, dwConnectionDataSize, pConfigDoc, pXmlElConfig);
        } catch (std::exception &err) {
            g_peer.log_error(*ppEapError = g_peer.make_error(err));
            return dwResult = (*ppEapError)->dwWinError;
@@ -231,7 +231,7 @@ DWORD WINAPI EapPeerConfigBlob2Xml(
            return dwResult = ERROR_INVALID_DATA;
        }
-        *ppConfigDoc = pDoc.detach();
+        *ppConfigDoc = pConfigDoc.detach();
    }
    return dwResult;
--- a/EventMonitor/ETWLog.cpp
+++ b/EventMonitor/ETWLog.cpp
@@ -31,7 +31,7 @@ using namespace winstd;
 // Local helper functions declarations
 //////////////////////////////////////////////////////////////////////////
-static tstring MapToString(_In_ const EVENT_MAP_INFO *pMapInfo, _In_ LPCBYTE pData);
+static tstring MapToString(_In_ const EVENT_MAP_INFO *pMapInfo, _In_ ULONG ulData);
 static tstring DataToString(_In_ USHORT InType, _In_ USHORT OutType, _In_count_(nDataSize) LPCBYTE pData, _In_ SIZE_T nDataSize, _In_ const EVENT_MAP_INFO *pMapInfo, _In_ BYTE nPtrSize);
 static ULONG GetArraySize(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, ULONG i, ULONG *pulArraySize);
 static tstring PropertyToString(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, ULONG ulPropIndex, LPWSTR pStructureName, ULONG ulStructIndex, BYTE nPtrSize);
@@ -762,18 +762,18 @@ bool wxPersistentETWListCtrl::Restore()
 // Local helper functions
 //////////////////////////////////////////////////////////////////////////
-static tstring MapToString(_In_ const EVENT_MAP_INFO *pMapInfo, _In_ LPCBYTE pData)
+static tstring MapToString(_In_ const EVENT_MAP_INFO *pMapInfo, _In_ ULONG ulData)
 {
    if ( (pMapInfo->Flag &  EVENTMAP_INFO_FLAG_MANIFEST_VALUEMAP) ||
        ((pMapInfo->Flag &  EVENTMAP_INFO_FLAG_WBEM_VALUEMAP    ) && (pMapInfo->Flag & ~EVENTMAP_INFO_FLAG_WBEM_VALUEMAP) != EVENTMAP_INFO_FLAG_WBEM_FLAG))
    {
        if ((pMapInfo->Flag & EVENTMAP_INFO_FLAG_WBEM_NO_MAP) == EVENTMAP_INFO_FLAG_WBEM_NO_MAP)
-            return tstring_printf(_T("%ls"), (PBYTE)pMapInfo + pMapInfo->MapEntryArray[*(PULONG)pData].OutputOffset);
+            return tstring_printf(_T("%ls"), (PBYTE)pMapInfo + pMapInfo->MapEntryArray[ulData].OutputOffset);
        else {
            for (ULONG i = 0; ; i++) {
                if (i >= pMapInfo->EntryCount)
-                    return tstring_printf(_T("%lu"), *(PULONG)pData);
+                    return tstring_printf(_T("%lu"), ulData);
-                else if (pMapInfo->MapEntryArray[i].Value == *(PULONG)pData)
+                else if (pMapInfo->MapEntryArray[i].Value == ulData)
                    return tstring_printf(_T("%ls"), (PBYTE)pMapInfo + pMapInfo->MapEntryArray[i].OutputOffset);
            }
        }
@@ -786,15 +786,15 @@ static tstring MapToString(_In_ const EVENT_MAP_INFO *pMapInfo, _In_ LPCBYTE pDa
        if (pMapInfo->Flag & EVENTMAP_INFO_FLAG_WBEM_NO_MAP) {
            for (ULONG i = 0; i < pMapInfo->EntryCount; i++)
-                if (*(PULONG)pData & (1 << i))
+                if (ulData & (1 << i))
                    out.append(tstring_printf(out.empty() ? _T("%ls") : _T(" | %ls"), (PBYTE)pMapInfo + pMapInfo->MapEntryArray[i].OutputOffset));
        } else {
            for (ULONG i = 0; i < pMapInfo->EntryCount; i++)
-                if ((pMapInfo->MapEntryArray[i].Value & *(PULONG)pData) == pMapInfo->MapEntryArray[i].Value)
+                if ((pMapInfo->MapEntryArray[i].Value & ulData) == pMapInfo->MapEntryArray[i].Value)
                    out.append(tstring_printf(out.empty() ? _T("%ls") : _T(" | %ls"), (PBYTE)pMapInfo + pMapInfo->MapEntryArray[i].OutputOffset));
        }
-        return out.empty() ? tstring_printf(_T("%lu"), *(PULONG)pData) : out;
+        return out.empty() ? tstring_printf(_T("%lu"), ulData) : out;
    }
    return _T("<unknown map>");
@@ -875,7 +875,7 @@ static tstring DataToString(_In_ USHORT InType, _In_ USHORT OutType, _In_count_(
                case TDH_OUTTYPE_NTSTATUS  :
                case TDH_OUTTYPE_HEXINT32  : return tstring_printf(_T("0x%x"       ),  *(PULONG)pData);
                case TDH_OUTTYPE_IPV4      : return tstring_printf(_T("%d.%d.%d.%d"), (*(PULONG)pData >> 0) & 0xff, (*(PULONG)pData >> 8) & 0xff, (*(PULONG)pData >> 16) & 0xff, (*(PULONG)pData >> 24) & 0xff);
-                default:                     return pMapInfo ? MapToString(pMapInfo, pData) : tstring_printf(_T("%lu"), *(PULONG)pData);
+                default:                     return pMapInfo ? MapToString(pMapInfo, *(PULONG)pData) : tstring_printf(_T("%lu"), *(PULONG)pData);
            }
        case TDH_INTYPE_HEXINT32:
@@ -1105,8 +1105,9 @@ static tstring PropertyToString(PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, U
                    // in the EVENT_MAP_ENTRY structure. Replace the trailing space with a null-
                    // terminating character, so that the bit mapped strings are correctly formatted.
                    for (ULONG i = 0; i < map_info->EntryCount; i++) {
-                        SIZE_T len = _tcslen((LPCTSTR)((PBYTE)map_info.get() + map_info->MapEntryArray[i].OutputOffset)) - 1;
+                        LPWSTR str = (LPWSTR)((PBYTE)map_info.get() + map_info->MapEntryArray[i].OutputOffset);
-                        ((LPWSTR)((PBYTE)map_info.get() + map_info->MapEntryArray[i].OutputOffset))[len] = 0;
+                        SIZE_T len = wcslen(str);
                        if (len) str[len - 1] = 0;
                    }
                }
--- a/EventMonitor/MSIBuild/Makefile
+++ b/EventMonitor/MSIBuild/Makefile
--- a/EventMonitor/locale/EventMonitor.pot
+++ b/EventMonitor/locale/EventMonitor.pot
@@ -1,7 +1,8 @@
 #, fuzzy
 msgid ""
 msgstr ""
 "Project-Id-Version: EventMonitor\n"
-"POT-Creation-Date: 2016-08-27 14:20+0200\n"
+"POT-Creation-Date: 2016-08-31 02:51+0200\n"
 "PO-Revision-Date: 2016-06-02 12:27+0200\n"
 "Last-Translator: Simon Rozman <simon.rozman@amebis.si>\n"
 "Language-Team: Amebis, d. o. o., Kamnik <info@amebis.si>\n"
@@ -16,7 +17,7 @@ msgstr ""
 "X-Poedit-KeywordsList: _\n"
 "X-Poedit-SearchPath-0: .\n"
-#: App.cpp:69 Frame.h:67 MSIBuild/En.Win32.Release.Feature-2.idtx:4
+#: App.cpp:61 Frame.h:67 MSIBuild/En.Win32.Release.Feature-2.idtx:4
 #: MSIBuild/En.x64.Release.Feature-2.idtx:4
 msgid "Event Monitor"
 msgstr ""
@@ -213,8 +214,6 @@ msgid "EVENTM~1|GÉANTLink Event Monitor"
 msgstr ""
 #: MSIBuild/En.Win32.Release.Feature-2.idtx:4
 #: MSIBuild/En.Win32.Release.Shortcut-2.idtx:4
 #: MSIBuild/En.x64.Release.Feature-2.idtx:4
 #: MSIBuild/En.x64.Release.Shortcut-2.idtx:4
 msgid "Real-time display of internal events"
 msgstr ""
--- a/MSI/Base/locale/GEANTLink.pot
+++ b/MSI/Base/locale/GEANTLink.pot
@@ -2,7 +2,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: GÉANTLink MSI\n"
-"POT-Creation-Date: 2016-07-15 10:51+0200\n"
+"POT-Creation-Date: 2016-08-31 14:33+0200\n"
 "PO-Revision-Date: 2016-06-02 12:27+0200\n"
 "Last-Translator: Simon Rozman <simon.rozman@amebis.si>\n"
 "Language-Team: Amebis, d. o. o., Kamnik <info@amebis.si>\n"
@@ -17,25 +17,20 @@ msgstr ""
 "X-Poedit-KeywordsList: _\n"
 "X-Poedit-SearchPath-0: .\n"
-#: En.Win32.Release.Property-2.idtx:6 En.x64.Release.Property-2.idtx:6
+#: En.Win32.Release.LaunchCondition-2.idtx:4
-msgid "+386 1 8311 035"
+#: En.x64.Release.LaunchCondition-2.idtx:4
 msgid "[ProductName] requires Windows Vista or later version of Windows."
 msgstr ""
 #: En.Win32.Release.Property-2.idtx:3 En.x64.Release.Property-2.idtx:3
 #, fuzzy
 msgid "1252"
 msgstr "1250"
 #: En.Win32.Release.Property-2.idtx:5 En.x64.Release.Property-2.idtx:5
 msgid "Amebis, p. p. 69, SI-1241 Kamnik, Slovenia, E.U."
 msgstr ""
-#: En.Win32.Release.Property-2.idtx:4 En.x64.Release.Property-2.idtx:4
+#: En.Win32.Release.Property-2.idtx:4 En.Win32.Release.Property-2.idtx:5
-msgid "Amebis, Slovenia, E.U."
+#: En.x64.Release.Property-2.idtx:4 En.x64.Release.Property-2.idtx:5
 msgid "http://www.geant.org/"
 msgstr ""
-#: En.Win32.Release.Property-2.idtx:7 En.Win32.Release.Property-2.idtx:8
+#: En.Win32.Release.Property-2.idtx:6 En.x64.Release.Property-2.idtx:6
-#: En.Win32.Release.Property-2.idtx:9 En.x64.Release.Property-2.idtx:7
+msgid "https://github.com/Amebis/GEANTLink/releases"
 #: En.x64.Release.Property-2.idtx:8 En.x64.Release.Property-2.idtx:9
 msgid "http://www.amebis.si/"
 msgstr ""
--- a/include/Version.h
+++ b/include/Version.h
@@ -29,7 +29,7 @@
 // Product version as a single DWORD
 // Note: Used for version comparison within C/C++ code.
 //
-#define PRODUCT_VERSION          0x00ff0f00
+#define PRODUCT_VERSION          0x00ff1000
 //
 // Product version by components
@@ -39,26 +39,26 @@
 //
 #define PRODUCT_VERSION_MAJ      0
 #define PRODUCT_VERSION_MIN      255
-#define PRODUCT_VERSION_REV      15
+#define PRODUCT_VERSION_REV      16
 #define PRODUCT_VERSION_BUILD    0
 //
 // Human readable product version and build year for UI
 //
-#define PRODUCT_VERSION_STR      "1.0-alpha15"
+#define PRODUCT_VERSION_STR      "1.0-alpha16"
 #define PRODUCT_BUILD_YEAR_STR   "2016"
 //
 // Numerical version presentation for ProductVersion propery in
 // MSI packages (syntax: N.N[.N[.N]])
 //
-#define PRODUCT_VERSION_INST     "0.255.15"
+#define PRODUCT_VERSION_INST     "0.255.16"
 //
 // The product code for ProductCode property in MSI packages
 // Replace with new on every version change, regardless how minor it is.
 //
-#define PRODUCT_VERSION_GUID     "{2C45C10E-80B7-4E3B-A06F-08A1A795EDE5}"
+#define PRODUCT_VERSION_GUID     "{A41E8D8D-8A6F-415E-B303-C839E2C8A931}"
 //
 // Product vendor
--- a/lib/EAPBase/include/Config.h
+++ b/lib/EAPBase/include/Config.h
@@ -89,6 +89,7 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ eap::config &val);
 #include <eaptypes.h> // Must include after <Windows.h>
 #include <tchar.h>
 #include <list>
 #include <string>
 #include <memory>
@@ -192,6 +193,9 @@ namespace eap
    public:
        module &m_module;   ///< EAP module
    protected:
        static const winstd::bstr namespace_eapmetadata;
    };
@@ -452,7 +456,7 @@ namespace eap
    public:
        bool m_read_only;                                       ///< Is profile read-only
-        std::wstring m_id;                                      ///< Profile ID
+        std::wstring m_id;                                      ///< Provider ID
        winstd::tstring m_name;                                 ///< Provider name
        winstd::tstring m_help_email;                           ///< Helpdesk e-mail
        winstd::tstring m_help_web;                             ///< Helpdesk website URL
@@ -466,6 +470,9 @@ namespace eap
    class config_connection : public config
    {
    public:
        typedef std::list<eap::config_provider> provider_list;
    public:
        ///
        /// Constructs configuration
@@ -560,7 +567,7 @@ namespace eap
        /// @}
    public:
-        std::vector<eap::config_provider> m_providers;  ///< Array of provider configurations
+        std::list<eap::config_provider> m_providers;    ///< Provider configurations
    };
 }
--- a/lib/EAPBase/include/Credentials.h
+++ b/lib/EAPBase/include/Credentials.h
@@ -31,6 +31,11 @@ namespace eap
    /// Password based method credentials
    ///
    class credentials_pass;
    ///
    /// Connection credentials
    ///
    class credentials_connection;
 }
 #pragma once
@@ -47,6 +52,7 @@ namespace eap
 #include <tchar.h>
 #include <wincred.h>
 #include <memory>
 #include <string>
@@ -372,4 +378,107 @@ namespace eap
        static const unsigned char s_entropy[1024];
        /// \endcond
    };
    class credentials_connection : public config
    {
    public:
        ///
        /// Constructs credentials
        ///
        /// \param[in] mod  EAP module to use for global services
        /// \param[in] cfg  Connection configuration
        ///
        credentials_connection(_In_ module &mod, _In_ const config_connection &cfg);
        ///
        /// Copies credentials
        ///
        /// \param[in] other  Credentials to copy from
        ///
        credentials_connection(_In_ const credentials_connection &other);
        ///
        /// Moves credentials
        ///
        /// \param[in] other  Credentials to move from
        ///
        credentials_connection(_Inout_ credentials_connection &&other);
        ///
        /// Copies credentials
        ///
        /// \param[in] other  Credentials to copy from
        ///
        /// \returns Reference to this object
        ///
        credentials_connection& operator=(_In_ const credentials_connection &other);
        ///
        /// Moves credentials
        ///
        /// \param[in] other  Credentials to move from
        ///
        /// \returns Reference to this object
        ///
        credentials_connection& operator=(_Inout_ credentials_connection &&other);
        ///
        /// Clones configuration
        ///
        /// \returns Pointer to cloned configuration
        ///
        virtual config* clone() const;
        /// \name XML configuration management
        /// @{
        ///
        /// Save to XML document
        ///
        /// \param[in]  pDoc         XML document
        /// \param[in]  pConfigRoot  Suggested root element for saving
        ///
        virtual void save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const;
        ///
        /// Load from XML document
        ///
        /// \param[in]  pConfigRoot  Root element for loading
        ///
        virtual void load(_In_ IXMLDOMNode *pConfigRoot);
        /// @}
        /// \name BLOB management
        /// @{
        ///
        /// Packs a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator<<(_Inout_ cursor_out &cursor) const;
        ///
        /// Returns packed size of a configuration
        ///
        /// \returns Size of data when packed (in bytes)
        ///
        virtual size_t get_pk_size() const;
        ///
        /// Unpacks a configuration
        ///
        /// \param[inout] cursor  Memory cursor
        ///
        virtual void operator>>(_Inout_ cursor_in &cursor);
        /// @}
    public:
        const config_connection& m_cfg;         ///< Connection configuration
        std::wstring m_id;                      ///< Provider ID
        std::unique_ptr<credentials> m_cred;    ///< Credentials
    };
 }
--- a/lib/EAPBase/src/Config.cpp
+++ b/lib/EAPBase/src/Config.cpp
@@ -95,6 +95,9 @@ void eap::config::operator>>(_Inout_ cursor_in &cursor)
 }
 const bstr eap::config::namespace_eapmetadata(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
 //////////////////////////////////////////////////////////////////////
 // eap::config_method
 //////////////////////////////////////////////////////////////////////
@@ -156,11 +159,11 @@ eap::config_method_with_cred::config_method_with_cred(_In_ const config_method_w
 eap::config_method_with_cred::config_method_with_cred(_Inout_ config_method_with_cred &&other) :
-    m_allow_save(std::move(other.m_allow_save)),
+    m_allow_save   (std::move(other.m_allow_save   )),
    m_use_preshared(std::move(other.m_use_preshared)),
-    m_preshared(std::move(other.m_preshared)),
+    m_preshared    (std::move(other.m_preshared    )),
-    m_auth_failed(std::move(other.m_auth_failed)),
+    m_auth_failed  (std::move(other.m_auth_failed  )),
-    config_method(std::move(other))
+    config_method  (std::move(other                ))
 {
 }
@@ -198,16 +201,15 @@ void eap::config_method_with_cred::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOM
    assert(pDoc);
    assert(pConfigRoot);
    const winstd::bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
    HRESULT hr;
    // <ClientSideCredential>
    winstd::com_obj<IXMLDOMElement> pXmlElClientSideCredential;
-    if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, winstd::bstr(L"eap-metadata:ClientSideCredential"), winstd::bstr(L"ClientSideCredential"), bstrNamespace, &pXmlElClientSideCredential)))
+    if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, winstd::bstr(L"eap-metadata:ClientSideCredential"), winstd::bstr(L"ClientSideCredential"), namespace_eapmetadata, &pXmlElClientSideCredential)))
        throw com_runtime_error(hr, __FUNCTION__ " Error creating <ClientSideCredential> element.");
    // <ClientSideCredential>/<allow-save>
-    if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElClientSideCredential, winstd::bstr(L"allow-save"), bstrNamespace, m_allow_save)))
+    if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElClientSideCredential, winstd::bstr(L"allow-save"), namespace_eapmetadata, m_allow_save)))
        throw com_runtime_error(hr, __FUNCTION__ " Error creating <allow-save> element.");
    if (m_use_preshared)
@@ -285,16 +287,16 @@ eap::config_provider::config_provider(_In_ module &mod) :
 eap::config_provider::config_provider(_In_ const config_provider &other) :
-    m_read_only(other.m_read_only),
+    m_read_only         (other.m_read_only         ),
-    m_id(other.m_id),
+    m_id                (other.m_id                ),
-    m_name(other.m_name),
+    m_name              (other.m_name              ),
-    m_help_email(other.m_help_email),
+    m_help_email        (other.m_help_email        ),
-    m_help_web(other.m_help_web),
+    m_help_web          (other.m_help_web          ),
-    m_help_phone(other.m_help_phone),
+    m_help_phone        (other.m_help_phone        ),
    m_lbl_alt_credential(other.m_lbl_alt_credential),
-    m_lbl_alt_identity(other.m_lbl_alt_identity),
+    m_lbl_alt_identity  (other.m_lbl_alt_identity  ),
-    m_lbl_alt_password(other.m_lbl_alt_password),
+    m_lbl_alt_password  (other.m_lbl_alt_password  ),
-    config(other)
+    config              (other                     )
 {
    m_methods.reserve(other.m_methods.size());
    for (vector<unique_ptr<config_method> >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method)
@@ -303,17 +305,17 @@ eap::config_provider::config_provider(_In_ const config_provider &other) :
 eap::config_provider::config_provider(_Inout_ config_provider &&other) :
-    m_read_only(std::move(other.m_read_only)),
+    m_read_only         (std::move(other.m_read_only         )),
-    m_id(std::move(other.m_id)),
+    m_id                (std::move(other.m_id                )),
-    m_name(std::move(other.m_name)),
+    m_name              (std::move(other.m_name              )),
-    m_help_email(std::move(other.m_help_email)),
+    m_help_email        (std::move(other.m_help_email        )),
-    m_help_web(std::move(other.m_help_web)),
+    m_help_web          (std::move(other.m_help_web          )),
-    m_help_phone(std::move(other.m_help_phone)),
+    m_help_phone        (std::move(other.m_help_phone        )),
    m_lbl_alt_credential(std::move(other.m_lbl_alt_credential)),
-    m_lbl_alt_identity(std::move(other.m_lbl_alt_identity)),
+    m_lbl_alt_identity  (std::move(other.m_lbl_alt_identity  )),
-    m_lbl_alt_password(std::move(other.m_lbl_alt_password)),
+    m_lbl_alt_password  (std::move(other.m_lbl_alt_password  )),
-    m_methods(std::move(other.m_methods)),
+    m_methods           (std::move(other.m_methods           )),
-    config(std::move(other))
+    config              (std::move(other                     ))
 {
 }
@@ -345,17 +347,17 @@ eap::config_provider& eap::config_provider::operator=(_In_ const config_provider
 eap::config_provider& eap::config_provider::operator=(_Inout_ config_provider &&other)
 {
    if (this != &other) {
-        (config&&)*this      = std::move(other);
+        (config&&)*this      = std::move(other                     );
-        m_read_only          = std::move(m_read_only);
+        m_read_only          = std::move(other.m_read_only         );
-        m_id                 = std::move(other.m_id);
+        m_id                 = std::move(other.m_id                );
-        m_name               = std::move(other.m_name);
+        m_name               = std::move(other.m_name              );
-        m_help_email         = std::move(other.m_help_email);
+        m_help_email         = std::move(other.m_help_email        );
-        m_help_web           = std::move(other.m_help_web);
+        m_help_web           = std::move(other.m_help_web          );
-        m_help_phone         = std::move(other.m_help_phone);
+        m_help_phone         = std::move(other.m_help_phone        );
        m_lbl_alt_credential = std::move(other.m_lbl_alt_credential);
-        m_lbl_alt_identity   = std::move(other.m_lbl_alt_identity);
+        m_lbl_alt_identity   = std::move(other.m_lbl_alt_identity  );
-        m_lbl_alt_password   = std::move(other.m_lbl_alt_password);
+        m_lbl_alt_password   = std::move(other.m_lbl_alt_password  );
-        m_methods            = std::move(other.m_methods);
+        m_methods            = std::move(other.m_methods           );
    }
    return *this;
@@ -372,72 +374,71 @@ void eap::config_provider::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pC
 {
    config::save(pDoc, pConfigRoot);
    const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
    HRESULT hr;
    // <read-only>
-    if (FAILED(hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"read-only"), bstrNamespace, m_read_only)))
+    if (FAILED(hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"read-only"), namespace_eapmetadata, m_read_only)))
        throw com_runtime_error(hr, __FUNCTION__ " Error creating <read-only> element.");
    // <ID>
    if (!m_id.empty())
-        if (FAILED(hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"ID"), bstrNamespace, bstr(m_id))))
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"ID"), namespace_eapmetadata, bstr(m_id))))
            throw com_runtime_error(hr, __FUNCTION__ " Error creating <ID> element.");
    // <ProviderInfo>
    com_obj<IXMLDOMElement> pXmlElProviderInfo;
-    if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ProviderInfo"), bstr(L"ProviderInfo"), bstrNamespace, &pXmlElProviderInfo)))
+    if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ProviderInfo"), bstr(L"ProviderInfo"), namespace_eapmetadata, &pXmlElProviderInfo)))
        throw com_runtime_error(hr, __FUNCTION__ " Error creating <ProviderInfo> element.");
    // <ProviderInfo>/<DisplayName>
    if (!m_name.empty())
-        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"DisplayName"), bstrNamespace, bstr(m_name))))
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"DisplayName"), namespace_eapmetadata, bstr(m_name))))
            throw com_runtime_error(hr, __FUNCTION__ " Error creating <DisplayName> element.");
    // <ProviderInfo>/<Helpdesk>
    com_obj<IXMLDOMElement> pXmlElHelpdesk;
-    if (FAILED(hr = eapxml::create_element(pDoc, pXmlElProviderInfo, bstr(L"eap-metadata:Helpdesk"), bstr(L"Helpdesk"), bstrNamespace, &pXmlElHelpdesk)))
+    if (FAILED(hr = eapxml::create_element(pDoc, pXmlElProviderInfo, bstr(L"eap-metadata:Helpdesk"), bstr(L"Helpdesk"), namespace_eapmetadata, &pXmlElHelpdesk)))
        throw com_runtime_error(hr, __FUNCTION__ " Error creating <Helpdesk> element.");
    // <ProviderInfo>/<Helpdesk>/<EmailAddress>
    if (!m_help_email.empty())
-        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElHelpdesk, bstr(L"EmailAddress"), bstrNamespace, bstr(m_help_email))))
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElHelpdesk, bstr(L"EmailAddress"), namespace_eapmetadata, bstr(m_help_email))))
            throw com_runtime_error(hr, __FUNCTION__ " Error creating <EmailAddress> element.");
    // <ProviderInfo>/<Helpdesk>/<WebAddress>
    if (!m_help_web.empty())
-        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElHelpdesk, bstr(L"WebAddress"), bstrNamespace, bstr(m_help_web))))
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElHelpdesk, bstr(L"WebAddress"), namespace_eapmetadata, bstr(m_help_web))))
            throw com_runtime_error(hr, __FUNCTION__ " Error creating <WebAddress> element.");
    // <ProviderInfo>/<Helpdesk>/<Phone>
    if (!m_help_phone.empty())
-        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElHelpdesk, bstr(L"Phone"), bstrNamespace, bstr(m_help_phone))))
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElHelpdesk, bstr(L"Phone"), namespace_eapmetadata, bstr(m_help_phone))))
            throw com_runtime_error(hr, __FUNCTION__ " Error creating <Phone> element.");
    // <ProviderInfo>/<CredentialPrompt>
    if (!m_lbl_alt_credential.empty())
-        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"CredentialPrompt"), bstrNamespace, bstr(m_lbl_alt_credential))))
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"CredentialPrompt"), namespace_eapmetadata, bstr(m_lbl_alt_credential))))
            throw com_runtime_error(hr, __FUNCTION__ " Error creating <CredentialPrompt> element.");
    // <ProviderInfo>/<UserNameLabel>
    if (!m_lbl_alt_identity.empty())
-        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"UserNameLabel"), bstrNamespace, bstr(m_lbl_alt_identity))))
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"UserNameLabel"), namespace_eapmetadata, bstr(m_lbl_alt_identity))))
            throw com_runtime_error(hr, __FUNCTION__ " Error creating <UserNameLabel> element.");
    // <ProviderInfo>/<PasswordLabel>
    if (!m_lbl_alt_password.empty())
-        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"PasswordLabel"), bstrNamespace, bstr(m_lbl_alt_password))))
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElProviderInfo, bstr(L"PasswordLabel"), namespace_eapmetadata, bstr(m_lbl_alt_password))))
            throw com_runtime_error(hr, __FUNCTION__ " Error creating <PasswordLabel> element.");
    // <AuthenticationMethods>
    com_obj<IXMLDOMElement> pXmlElAuthenticationMethods;
-    if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:AuthenticationMethods"), bstr(L"AuthenticationMethods"), bstrNamespace, &pXmlElAuthenticationMethods)))
+    if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:AuthenticationMethods"), bstr(L"AuthenticationMethods"), namespace_eapmetadata, &pXmlElAuthenticationMethods)))
        throw com_runtime_error(hr, __FUNCTION__ " Error creating <AuthenticationMethods> element.");
    for (vector<unique_ptr<config_method> >::const_iterator method = m_methods.cbegin(), method_end = m_methods.cend(); method != method_end; ++method) {
        // <AuthenticationMethod>
        com_obj<IXMLDOMElement> pXmlElAuthenticationMethod;
-        if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"AuthenticationMethod"), bstrNamespace, &pXmlElAuthenticationMethod)))
+        if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"AuthenticationMethod"), namespace_eapmetadata, &pXmlElAuthenticationMethod)))
            throw com_runtime_error(hr, __FUNCTION__ " Error creating <AuthenticationMethod> element.");
        // <AuthenticationMethod>/...
@@ -619,14 +620,14 @@ eap::config_connection::config_connection(_In_ module &mod) : config(mod)
 eap::config_connection::config_connection(_In_ const config_connection &other) :
    m_providers(other.m_providers),
-    config(other)
+    config     (other            )
 {
 }
 eap::config_connection::config_connection(_Inout_ config_connection &&other) :
    m_providers(std::move(other.m_providers)),
-    config(std::move(other))
+    config     (std::move(other            ))
 {
 }
@@ -645,7 +646,7 @@ eap::config_connection& eap::config_connection::operator=(_In_ const config_conn
 eap::config_connection& eap::config_connection::operator=(_Inout_ config_connection &&other)
 {
    if (this != &other) {
-        (config&&)*this = std::move(other);
+        (config&&)*this = std::move(other            );
        m_providers     = std::move(other.m_providers);
    }
@@ -663,18 +664,17 @@ void eap::config_connection::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *
 {
    config::save(pDoc, pConfigRoot);
    const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
    HRESULT hr;
-    // Select <EAPIdentityProviderList> node.
+    // Create <EAPIdentityProviderList> node.
-    com_obj<IXMLDOMNode> pXmlElIdentityProviderList;
+    com_obj<IXMLDOMElement> pXmlElIdentityProviderList;
-    if (FAILED(hr = eapxml::select_node(pConfigRoot, bstr(L"eap-metadata:EAPIdentityProviderList"), &pXmlElIdentityProviderList)))
+    if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:EAPIdentityProviderList"), bstr(L"EAPIdentityProviderList"), namespace_eapmetadata, &pXmlElIdentityProviderList)))
-        throw com_runtime_error(hr, __FUNCTION__ " Error selecting <EAPIdentityProviderList> element.");
+        throw com_runtime_error(hr, __FUNCTION__ " Error creating <EAPIdentityProviderList> element.");
-    for (vector<config_provider>::const_iterator provider = m_providers.cbegin(), provider_end = m_providers.cend(); provider != provider_end; ++provider) {
+    for (provider_list::const_iterator provider = m_providers.cbegin(), provider_end = m_providers.cend(); provider != provider_end; ++provider) {
        // <EAPIdentityProvider>
        com_obj<IXMLDOMElement> pXmlElIdentityProvider;
-        if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"EAPIdentityProvider"), bstrNamespace, &pXmlElIdentityProvider)))
+        if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"EAPIdentityProvider"), namespace_eapmetadata, &pXmlElIdentityProvider)))
            throw com_runtime_error(hr, __FUNCTION__ " Error creating <EAPIdentityProvider> element.");
        // <EAPIdentityProvider>/...
@@ -733,10 +733,10 @@ void eap::config_connection::operator>>(_Inout_ cursor_in &cursor)
 {
    config::operator>>(cursor);
-    list<config_provider>::size_type count;
+    provider_list::size_type count;
    cursor >> count;
    m_providers.clear();
-    for (list<config_provider>::size_type i = 0; i < count; i++) {
+    for (provider_list::size_type i = 0; i < count; i++) {
        config_provider el(m_module);
        cursor >> el;
        m_providers.push_back(std::move(el));
--- a/lib/EAPBase/src/Credentials.cpp
+++ b/lib/EAPBase/src/Credentials.cpp
@@ -90,11 +90,10 @@ void eap::credentials::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfi
    config::save(pDoc, pConfigRoot);
    const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
    HRESULT hr;
    // <UserName>
-    if (FAILED(hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))))
+    if (FAILED(hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), namespace_eapmetadata, bstr(m_identity))))
        throw com_runtime_error(hr, __FUNCTION__ " Error creating <UserName> element.");
 }
@@ -145,9 +144,10 @@ wstring eap::credentials::get_identity() const
 tstring eap::credentials::get_name() const
 {
    if (empty()) return _T("<empty credentials>");
    tstring identity(std::move(get_identity()));
-    return !identity.empty() ? identity : _T("<blank identity>");
+    return
        !identity.empty() ? identity :
        empty()           ? _T("<empty>") : _T("<blank ID>");
 }
@@ -216,12 +216,11 @@ void eap::credentials_pass::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *p
    credentials::save(pDoc, pConfigRoot);
    const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
    HRESULT hr;
    // <Password>
    bstr pass(m_password);
-    hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"Password"), bstrNamespace, pass);
+    hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"Password"), namespace_eapmetadata, pass);
    SecureZeroMemory((BSTR)pass, sizeof(OLECHAR)*pass.length());
    if (FAILED(hr))
        throw com_runtime_error(hr, __FUNCTION__ " Error creating <Password> element.");
@@ -417,3 +416,151 @@ const unsigned char eap::credentials_pass::s_entropy[1024] = {
    0x30, 0x29, 0x39, 0x9a, 0xd6, 0xab, 0x2e, 0xc6, 0x42, 0x47, 0x5e, 0x54, 0xbb, 0x90, 0xe6, 0x98,
    0xe6, 0x52, 0x58, 0x58, 0x1e, 0xd0, 0x00, 0x9c, 0x8f, 0x4a, 0x17, 0x7e, 0x8a, 0x5a, 0xef, 0x3e,
 };
 //////////////////////////////////////////////////////////////////////
 // eap::credentials_connection
 //////////////////////////////////////////////////////////////////////
 eap::credentials_connection::credentials_connection(_In_ module &mod, _In_ const config_connection &cfg) :
    m_cfg(cfg),
    config(mod)
 {
 }
 eap::credentials_connection::credentials_connection(_In_ const credentials_connection &other) :
    m_cfg (other.m_cfg ),
    m_id  (other.m_id  ),
    m_cred(other.m_cred ? (credentials*)other.m_cred->clone() : nullptr),
    config(other       )
 {
 }
 eap::credentials_connection::credentials_connection(_Inout_ credentials_connection &&other) :
    m_cfg (          other.m_cfg  ),
    m_id  (std::move(other.m_id  )),
    m_cred(std::move(other.m_cred)),
    config(std::move(other       ))
 {
 }
 eap::credentials_connection& eap::credentials_connection::operator=(_In_ const credentials_connection &other)
 {
    if (this != &other) {
        (config&)*this = other;
        m_id           = other.m_id;
        m_cred.reset(other.m_cred ? (credentials*)other.m_cred->clone() : nullptr);
    }
    return *this;
 }
 eap::credentials_connection& eap::credentials_connection::operator=(_Inout_ credentials_connection &&other)
 {
    if (this != &other) {
        (config&)*this = std::move(other       );
        m_id           = std::move(other.m_id  );
        m_cred         = std::move(other.m_cred);
    }
    return *this;
 }
 eap::config* eap::credentials_connection::clone() const
 {
    return new credentials_connection(*this);
 }
 void eap::credentials_connection::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot) const
 {
    assert(pDoc);
    assert(pConfigRoot);
    config::save(pDoc, pConfigRoot);
    HRESULT hr;
    // <IdentityProviderID>
    if (FAILED(hr = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"IdentityProviderID"), namespace_eapmetadata, bstr(m_id))))
        throw com_runtime_error(hr, __FUNCTION__ " Error creating <IdentityProviderID> element.");
    m_cred->save(pDoc, pConfigRoot);
 }
 void eap::credentials_connection::load(_In_ IXMLDOMNode *pConfigRoot)
 {
    assert(pConfigRoot);
    HRESULT hr;
    config::load(pConfigRoot);
    std::wstring xpath(eapxml::get_xpath(pConfigRoot));
    if (FAILED(hr = eapxml::get_element_value(pConfigRoot, bstr(L"eap-metadata:IdentityProviderID"), m_id)))
        m_id.clear();
    m_module.log_config((xpath + L"/IdentityProviderID").c_str(), m_id.c_str());
    // Look-up the provider.
    for (config_connection::provider_list::const_iterator cfg_prov = m_cfg.m_providers.cbegin(), cfg_prov_end = m_cfg.m_providers.cend(); ; ++cfg_prov) {
        if (cfg_prov != cfg_prov_end) {
            if (_wcsicmp(cfg_prov->m_id.c_str(), m_id.c_str()) == 0) {
                // Matching provider found. Create matching blank credential set, then load.
                if (cfg_prov->m_methods.empty())
                    throw invalid_argument(string_printf(__FUNCTION__ " %ls provider has no methods.", cfg_prov->m_id.c_str()).c_str());
                const config_method_with_cred *cfg_method = dynamic_cast<const config_method_with_cred*>(cfg_prov->m_methods.front().get());
                m_cred.reset(cfg_method->make_credentials());
                m_cred->load(pConfigRoot);
                break;
            }
        } else
            throw invalid_argument(string_printf(__FUNCTION__ " Credentials do not match to any provider ID within this connection configuration (provider ID: %ls).", m_id.c_str()).c_str());
    }
 }
 void eap::credentials_connection::operator<<(_Inout_ cursor_out &cursor) const
 {
    config::operator<<(cursor);
    cursor <<  m_id  ;
    cursor << *m_cred;
 }
 size_t eap::credentials_connection::get_pk_size() const
 {
    return
        config::get_pk_size() +
        pksizeof( m_id  ) +
        pksizeof(*m_cred);
 }
 void eap::credentials_connection::operator>>(_Inout_ cursor_in &cursor)
 {
    config::operator>>(cursor);
    cursor >>  m_id;
    // Look-up the provider.
    for (config_connection::provider_list::const_iterator cfg_prov = m_cfg.m_providers.cbegin(), cfg_prov_end = m_cfg.m_providers.cend(); ; ++cfg_prov) {
        if (cfg_prov != cfg_prov_end) {
            if (_wcsicmp(cfg_prov->m_id.c_str(), m_id.c_str()) == 0) {
                // Matching provider found. Create matching blank credential set, then read.
                if (cfg_prov->m_methods.empty())
                    throw invalid_argument(string_printf(__FUNCTION__ " %ls provider has no methods.", cfg_prov->m_id.c_str()).c_str());
                const config_method_with_cred *cfg_method = dynamic_cast<const config_method_with_cred*>(cfg_prov->m_methods.front().get());
                m_cred.reset(cfg_method->make_credentials());
                cursor >> *m_cred;
                break;
            }
        } else
            throw invalid_argument(string_printf(__FUNCTION__ " Credentials do not match to any provider ID within this connection configuration (provider ID: %ls).", m_id.c_str()).c_str());
    }
 }
--- a/lib/EAPBase_UI/include/EAP_UI.h
+++ b/lib/EAPBase_UI/include/EAP_UI.h
@@ -21,7 +21,9 @@
 #include <wx/hyperlink.h>
 #include <wx/icon.h>
 #include <wx/intl.h>
 #include <wx/msgdlg.h>
 #include <wx/scrolwin.h>
 #include <wx/textdlg.h>
 #include <Windows.h>
@@ -41,10 +43,15 @@ template <class _wxT> class wxEAPConfigDialog;
 class wxEAPGeneralDialog;
 ///
-/// EAP top-most credential dialog
+/// EAP method credential dialog
 ///
 class wxEAPCredentialsDialog;
 ///
 /// EAP connection credential dialog
 ///
 class wxEAPCredentialsConnectionDialog;
 ///
 /// EAP general note
 ///
@@ -65,10 +72,15 @@ class wxEAPCredentialWarningPanel;
 ///
 class wxEAPConfigWindow;
 ///
 /// EAP provider contact info config panel
 ///
 class wxEAPProviderContactInfoPanel;
 ///
 /// EAP provider identity config panel
 ///
-class wxEAPProviderIdentityPanel;
+class wxEAPProviderIDPanel;
 ///
 /// EAP provider configuration dialog
@@ -187,7 +199,7 @@ public:
        this->SetIcon(wxIcon(wxICON(product.ico)));
 #endif
-        for (std::vector<eap::config_provider>::iterator provider = m_cfg.m_providers.begin(), provider_end = m_cfg.m_providers.end(); provider != provider_end; ++provider) {
+        for (eap::config_connection::provider_list::iterator provider = m_cfg.m_providers.begin(), provider_end = m_cfg.m_providers.end(); provider != provider_end; ++provider) {
            bool is_single = provider->m_methods.size() == 1;
            std::vector<std::unique_ptr<eap::config_method> >::size_type count = 0;
            std::vector<std::unique_ptr<eap::config_method> >::iterator method = provider->m_methods.begin(), method_end = provider->m_methods.end();
@@ -199,8 +211,8 @@ public:
                        provider->m_id.c_str(),
                        m_providers),
                    is_single ?
-                        wxEAPGetProviderName(provider->m_id) :
+                        wxEAPGetProviderName(provider->m_name) :
-                        winstd::tstring_printf(_T("%s (%u)"), wxEAPGetProviderName(provider->m_id), count));
+                        winstd::tstring_printf(_T("%s (%u)"), wxEAPGetProviderName(provider->m_name), count));
        }
        this->Layout();
@@ -223,27 +235,83 @@ protected:
        }
    }
    virtual void OnUpdateUI(wxUpdateUIEvent& /*event*/)
    {
        int idx = m_providers->GetSelection();
        if (idx != wxNOT_FOUND) {
            eap::config_provider &cfg_provider = ((_wxT*)m_providers->GetPage(idx))->GetProvider();
            m_prov_remove->Enable(true);
            m_prov_advanced->Enable(!cfg_provider.m_read_only);
        } else {
            m_prov_remove->Enable(false);
            m_prov_advanced->Enable(false);
        }
    }
    virtual void OnProvAdd(wxCommandEvent& /*event*/)
    {
        // One method
        std::unique_ptr<eap::config_method> cfg_method(m_cfg.m_module.make_config_method());
        // Create provider.
        eap::config_provider cfg_provider(m_cfg.m_module);
        GUID guid;
        CoCreateGuid(&guid);
        cfg_provider.m_id = std::move(winstd::wstring_guid(guid));
        cfg_provider.m_methods.push_back(std::move(cfg_method));
        // Append provider.
        m_cfg.m_providers.push_back(std::move(cfg_provider));
        eap::config_provider &cfg_provider2 = m_cfg.m_providers.back();
        eap::config_method *cfg_method2 = cfg_provider2.m_methods.front().get();
        m_providers->InsertPage(
            m_providers->GetSelection() + 1,
            new _wxT(
                cfg_provider2,
                *cfg_method2,
                cfg_provider2.m_id.c_str(),
                m_providers),
                wxEAPGetProviderName(cfg_provider2.m_name), true);
        this->Layout();
        this->Fit();
    }
    virtual void OnProvRemove(wxCommandEvent& /*event*/)
    {
        int idx = m_providers->GetSelection();
        eap::config_provider &cfg_provider = ((_wxT*)m_providers->GetPage(idx))->GetProvider();
-        m_advanced->Enable(!cfg_provider.m_read_only);
+        if (wxMessageBox(tstring_printf(_("Are you sure you want to permanently remove %ls provider from configuration?"), cfg_provider.m_name.c_str()), _("Warning"), wxYES_NO, this) == wxYES) {
            // Delete provider.
            eap::config_connection::provider_list::iterator it(m_cfg.m_providers.begin());
            for (int i = 0; i < idx; i++, ++it);
            m_cfg.m_providers.erase(it);
            m_providers->DeletePage(idx);
            if (idx < m_providers->GetPageCount())
                m_providers->SetSelection(idx);
            this->Layout();
            this->Fit();
        }
    }
-    virtual void OnAdvanced(wxCommandEvent& /*event*/)
+
    virtual void OnProvAdvanced(wxCommandEvent& /*event*/)
    {
        int idx = m_providers->GetSelection();
        eap::config_provider &cfg_provider = ((_wxT*)m_providers->GetPage(idx))->GetProvider();
        wxEAPConfigProvider dlg(cfg_provider, this);
        if (dlg.ShowModal() == wxID_OK)
-            m_providers->SetPageText(idx, wxEAPGetProviderName(cfg_provider.m_id));
+            m_providers->SetPageText(idx, wxEAPGetProviderName(cfg_provider.m_name));
    }
    /// \endcond
 protected:
    eap::config_connection &m_cfg;  ///< Connection configuration
 };
@@ -284,6 +352,21 @@ public:
 };
 class wxEAPCredentialsConnectionDialog : public wxEAPCredentialsConnectionDialogBase
 {
 public:
    ///
    /// Constructs a credential dialog
    ///
    wxEAPCredentialsConnectionDialog(wxWindow *parent, wxWindowID id = wxID_ANY, const wxString &title = _("EAP Credentials"), const wxPoint &pos = wxDefaultPosition, const wxSize &size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE);
 protected:
    /// \cond internal
    virtual void OnInitDialog(wxInitDialogEvent& event);
    /// \endcond
 };
 class wxEAPNotePanel : public wxEAPNotePanelBase
 {
 public:
@@ -385,16 +468,16 @@ protected:
 };
-class wxEAPProviderIdentityPanel : public wxEAPProviderIdentityPanelBase
+class wxEAPProviderContactInfoPanel : public wxEAPProviderContactInfoPanelBase
 {
 public:
    ///
-    /// Constructs a provider identity pannel
+    /// Constructs a provider contact info pannel
    ///
    /// \param[inout] prov    Provider configuration data
    /// \param[in]    parent  Parent window
    ///
-    wxEAPProviderIdentityPanel(eap::config_provider &prov, wxWindow* parent);
+    wxEAPProviderContactInfoPanel(eap::config_provider &prov, wxWindow* parent);
    friend class wxEAPConfigProvider; // Allows direct setting of keyboard focus
@@ -405,7 +488,29 @@ protected:
    /// \endcond
 protected:
-    eap::config_provider &m_prov;   ///< EAP method configuration
+    eap::config_provider &m_prov;   ///< Provider configuration
 };
 class wxEAPProviderIDPanel : public wxEAPProviderIDPanelBase
 {
 public:
    ///
    /// Constructs a provider identity pannel
    ///
    /// \param[inout] prov    Provider configuration data
    /// \param[in]    parent  Parent window
    ///
    wxEAPProviderIDPanel(eap::config_provider &prov, wxWindow* parent);
 protected:
    /// \cond internal
    virtual bool TransferDataToWindow();
    virtual bool TransferDataFromWindow();
    /// \endcond
 protected:
    eap::config_provider &m_prov;   ///< Provider configuration
 };
@@ -443,9 +548,10 @@ public:
    wxEAPConfigProvider(eap::config_provider &prov, wxWindow *parent, wxWindowID id = wxID_ANY, const wxString &title = _("Provider Settings"), const wxPoint &pos = wxDefaultPosition, const wxSize &size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE);
 protected:
-    eap::config_provider &m_prov;           ///< EAP method configuration
+    eap::config_provider &m_prov;               ///< EAP method configuration
-    wxEAPProviderIdentityPanel *m_identity; ///< Provider identity panel
+    wxEAPProviderContactInfoPanel *m_contact;   ///< Provider contact info panel
-    wxEAPProviderLockPanel *m_lock;         ///< Provider lock panel
+    wxEAPProviderIDPanel *m_identity;           ///< Provider identity panel
    wxEAPProviderLockPanel *m_lock;             ///< Provider lock panel
 };
@@ -642,23 +748,19 @@ protected:
    inline void UpdateOwnIdentity()
    {
-        if (m_cred_own.empty())
+        wxString identity(m_cred_own.get_identity());
-            m_own_identity->SetValue(_("<empty credentials>"));
+        m_own_identity->SetValue(
-        else {
+            !identity.empty()  ? identity :
-            wxString identity(m_cred_own.get_name());
+            m_cred_own.empty() ? _("<empty>") : _("<blank ID>"));
            m_own_identity->SetValue(!identity.empty() ? identity : _("<blank identity>"));
        }
    }
    inline void UpdatePresharedIdentity()
    {
-        if (m_cred_preshared.empty())
+        wxString identity(m_cred_preshared.get_identity());
-            m_preshared_identity->SetValue(_("<empty credentials>"));
+        m_preshared_identity->SetValue(
-        else {
+            !identity.empty()        ? identity :
-            wxString identity(m_cred_preshared.get_name());
+            m_cred_preshared.empty() ? _("<empty>") : _("<blank ID>"));
            m_preshared_identity->SetValue(!identity.empty() ? identity : _("<blank identity>"));
        }
    }
    /// \endcond
@@ -773,7 +875,7 @@ public:
        bool layout = false;
        if (!m_prov.m_lbl_alt_credential.empty()) {
            m_credentials_label->SetLabel(m_prov.m_lbl_alt_credential);
-            m_credentials_label->Wrap( 446 );
+            m_credentials_label->Wrap( 445 );
            layout = true;
        }
--- a/lib/EAPBase_UI/res/wxEAP_UI.cpp
+++ b/lib/EAPBase_UI/res/wxEAP_UI.cpp
@@ -34,10 +34,20 @@ wxEAPConfigDialogBase::wxEAPConfigDialogBase( wxWindow* parent, wxWindowID id, c
 	wxBoxSizer* sb_bottom_horiz_inner;
 	sb_bottom_horiz_inner = new wxBoxSizer( wxHORIZONTAL );
-	m_advanced = new wxButton( this, wxID_ANY, _("Advanced..."), wxDefaultPosition, wxDefaultSize, 0 );
+	m_prov_add = new wxButton( this, wxID_ANY, _("+"), wxDefaultPosition, wxSize( 30,-1 ), 0 );
-	m_advanced->SetToolTip( _("Opens dialog with provider settings") );
+	m_prov_add->SetToolTip( _("Adds new provider") );
-	sb_bottom_horiz_inner->Add( m_advanced, 0, wxALL, 5 );
+	sb_bottom_horiz_inner->Add( m_prov_add, 0, wxALL, 5 );
 	m_prov_remove = new wxButton( this, wxID_ANY, _("-"), wxDefaultPosition, wxSize( 30,-1 ), 0 );
 	m_prov_remove->SetToolTip( _("Removes selected provider") );
 	sb_bottom_horiz_inner->Add( m_prov_remove, 0, wxALL, 5 );
 	m_prov_advanced = new wxButton( this, wxID_ANY, _("Advanced..."), wxDefaultPosition, wxDefaultSize, 0 );
 	m_prov_advanced->SetToolTip( _("Opens dialog with provider settings") );
 	sb_bottom_horiz_inner->Add( m_prov_advanced, 0, wxALL, 5 );
 	sb_bottom_horiz->Add( sb_bottom_horiz_inner, 1, wxEXPAND, 5 );
@@ -62,7 +72,9 @@ wxEAPConfigDialogBase::wxEAPConfigDialogBase( wxWindow* parent, wxWindowID id, c
 	// Connect Events
 	this->Connect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPConfigDialogBase::OnInitDialog ) );
 	this->Connect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPConfigDialogBase::OnUpdateUI ) );
-	m_advanced->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPConfigDialogBase::OnAdvanced ), NULL, this );
+	m_prov_add->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPConfigDialogBase::OnProvAdd ), NULL, this );
 	m_prov_remove->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPConfigDialogBase::OnProvRemove ), NULL, this );
 	m_prov_advanced->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPConfigDialogBase::OnProvAdvanced ), NULL, this );
 }
 wxEAPConfigDialogBase::~wxEAPConfigDialogBase()
@@ -70,7 +82,9 @@ wxEAPConfigDialogBase::~wxEAPConfigDialogBase()
 	// Disconnect Events
 	this->Disconnect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPConfigDialogBase::OnInitDialog ) );
 	this->Disconnect( wxEVT_UPDATE_UI, wxUpdateUIEventHandler( wxEAPConfigDialogBase::OnUpdateUI ) );
-	m_advanced->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPConfigDialogBase::OnAdvanced ), NULL, this );
+	m_prov_add->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPConfigDialogBase::OnProvAdd ), NULL, this );
 	m_prov_remove->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPConfigDialogBase::OnProvRemove ), NULL, this );
 	m_prov_advanced->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( wxEAPConfigDialogBase::OnProvAdvanced ), NULL, this );
 }
@@ -115,6 +129,48 @@ wxEAPGeneralDialogBase::~wxEAPGeneralDialogBase()
 }
 wxEAPCredentialsConnectionDialogBase::wxEAPCredentialsConnectionDialogBase( wxWindow* parent, wxWindowID id, const wxString& title, const wxPoint& pos, const wxSize& size, long style ) : wxDialog( parent, id, title, pos, size, style )
 {
 	this->SetSizeHints( wxDefaultSize, wxDefaultSize );
 	wxBoxSizer* sb_content;
 	sb_content = new wxBoxSizer( wxVERTICAL );
 	m_banner = new wxEAPBannerPanel( this );
 	sb_content->Add( m_banner, 0, wxEXPAND|wxBOTTOM, 5 );
 	m_providers = new wxNotebook( this, wxID_ANY, wxDefaultPosition, wxDefaultSize, 0 );
 	m_providers->SetExtraStyle( wxWS_EX_VALIDATE_RECURSIVELY );
 	sb_content->Add( m_providers, 1, wxEXPAND | wxALL, 5 );
 	m_buttons = new wxStdDialogButtonSizer();
 	m_buttonsOK = new wxButton( this, wxID_OK );
 	m_buttons->AddButton( m_buttonsOK );
 	m_buttonsCancel = new wxButton( this, wxID_CANCEL );
 	m_buttons->AddButton( m_buttonsCancel );
 	m_buttons->Realize();
 	sb_content->Add( m_buttons, 0, wxEXPAND|wxALL, 5 );
 	this->SetSizer( sb_content );
 	this->Layout();
 	sb_content->Fit( this );
 	// Connect Events
 	this->Connect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPCredentialsConnectionDialogBase::OnInitDialog ) );
 }
 wxEAPCredentialsConnectionDialogBase::~wxEAPCredentialsConnectionDialogBase()
 {
 	// Disconnect Events
 	this->Disconnect( wxEVT_INIT_DIALOG, wxInitDialogEventHandler( wxEAPCredentialsConnectionDialogBase::OnInitDialog ) );
 }
 wxEAPBannerPanelBase::wxEAPBannerPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
 {
 	this->SetBackgroundColour( wxSystemSettings::GetColour( wxSYS_COLOUR_HIGHLIGHT ) );
@@ -183,7 +239,7 @@ wxEAPCredentialsConfigPanelBase::wxEAPCredentialsConfigPanelBase( wxWindow* pare
 	sb_credentials_vert = new wxBoxSizer( wxVERTICAL );
 	m_credentials_label = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("Manage credentials used to connect."), wxDefaultPosition, wxDefaultSize, 0 );
-	m_credentials_label->Wrap( 446 );
+	m_credentials_label->Wrap( 445 );
 	sb_credentials_vert->Add( m_credentials_label, 0, wxALL|wxEXPAND, 5 );
 	wxBoxSizer* sb_cred_radio;
@@ -308,7 +364,7 @@ wxEAPCredentialsPassPanelBase::wxEAPCredentialsPassPanelBase( wxWindow* parent,
 	sb_credentials_vert = new wxBoxSizer( wxVERTICAL );
 	m_credentials_label = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("Please provide your user ID and password."), wxDefaultPosition, wxDefaultSize, 0 );
-	m_credentials_label->Wrap( 446 );
+	m_credentials_label->Wrap( 445 );
 	sb_credentials_vert->Add( m_credentials_label, 0, wxALL|wxEXPAND, 5 );
 	wxFlexGridSizer* sb_credentials_tbl;
@@ -358,10 +414,114 @@ wxEAPCredentialsPassPanelBase::~wxEAPCredentialsPassPanelBase()
 {
 }
-wxEAPProviderIdentityPanelBase::wxEAPProviderIdentityPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
+wxEAPProviderContactInfoPanelBase::wxEAPProviderContactInfoPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
 {
 	wxStaticBoxSizer* sb_provider_contact;
 	sb_provider_contact = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Your Organization") ), wxVERTICAL );
 	wxBoxSizer* sb_provider_contact_horiz;
 	sb_provider_contact_horiz = new wxBoxSizer( wxHORIZONTAL );
 	m_provider_contact_icon = new wxStaticBitmap( sb_provider_contact->GetStaticBox(), wxID_ANY, wxNullBitmap, wxDefaultPosition, wxDefaultSize, 0 );
 	sb_provider_contact_horiz->Add( m_provider_contact_icon, 0, wxALL, 5 );
 	wxBoxSizer* sb_provider_contact_vert;
 	sb_provider_contact_vert = new wxBoxSizer( wxVERTICAL );
 	m_provider_contact_label = new wxStaticText( sb_provider_contact->GetStaticBox(), wxID_ANY, _("Describe your organization to customize user prompts.  When organization is introduced, end-users find program messages easier to understand and act."), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_contact_label->Wrap( 445 );
 	sb_provider_contact_vert->Add( m_provider_contact_label, 0, wxALL|wxEXPAND, 5 );
 	wxBoxSizer* sb_provider_name;
 	sb_provider_name = new wxBoxSizer( wxVERTICAL );
 	m_provider_name_label = new wxStaticText( sb_provider_contact->GetStaticBox(), wxID_ANY, _("Your organization &name:"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_name_label->Wrap( -1 );
 	sb_provider_name->Add( m_provider_name_label, 0, wxBOTTOM, 5 );
 	m_provider_name = new wxTextCtrl( sb_provider_contact->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_name->SetToolTip( _("Your organization name as it will appear on helpdesk contact notifications") );
 	sb_provider_name->Add( m_provider_name, 0, wxEXPAND|wxBOTTOM, 5 );
 	m_provider_name_note = new wxStaticText( sb_provider_contact->GetStaticBox(), wxID_ANY, _("(Keep it short, please)"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_name_note->Wrap( -1 );
 	sb_provider_name->Add( m_provider_name_note, 0, wxALIGN_RIGHT, 5 );
 	sb_provider_contact_vert->Add( sb_provider_name, 0, wxEXPAND|wxALL, 5 );
 	wxBoxSizer* sb_provider_helpdesk;
 	sb_provider_helpdesk = new wxBoxSizer( wxVERTICAL );
 	m_provider_helpdesk_label = new wxStaticText( sb_provider_contact->GetStaticBox(), wxID_ANY, _("Helpdesk contact &information:"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_helpdesk_label->Wrap( -1 );
 	sb_provider_helpdesk->Add( m_provider_helpdesk_label, 0, wxBOTTOM, 5 );
 	wxFlexGridSizer* sb_provider_helpdesk_inner;
 	sb_provider_helpdesk_inner = new wxFlexGridSizer( 0, 2, 0, 0 );
 	sb_provider_helpdesk_inner->AddGrowableCol( 1 );
 	sb_provider_helpdesk_inner->SetFlexibleDirection( wxBOTH );
 	sb_provider_helpdesk_inner->SetNonFlexibleGrowMode( wxFLEX_GROWMODE_SPECIFIED );
 	m_provider_web_icon = new wxStaticText( sb_provider_contact->GetStaticBox(), wxID_ANY, _("¶"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_web_icon->Wrap( -1 );
 	m_provider_web_icon->SetFont( wxFont( wxNORMAL_FONT->GetPointSize(), 70, 90, 90, false, wxT("Wingdings") ) );
 	sb_provider_helpdesk_inner->Add( m_provider_web_icon, 0, wxALIGN_CENTER_VERTICAL|wxBOTTOM|wxRIGHT, 5 );
 	m_provider_web = new wxTextCtrl( sb_provider_contact->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_web->SetToolTip( _("Your helpdesk website address") );
 	sb_provider_helpdesk_inner->Add( m_provider_web, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL|wxBOTTOM, 5 );
 	m_provider_email_icon = new wxStaticText( sb_provider_contact->GetStaticBox(), wxID_ANY, _("*"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_email_icon->Wrap( -1 );
 	m_provider_email_icon->SetFont( wxFont( wxNORMAL_FONT->GetPointSize(), 70, 90, 90, false, wxT("Wingdings") ) );
 	sb_provider_helpdesk_inner->Add( m_provider_email_icon, 0, wxALIGN_CENTER_VERTICAL|wxBOTTOM|wxRIGHT, 5 );
 	m_provider_email = new wxTextCtrl( sb_provider_contact->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_email->SetToolTip( _("Your helpdesk e-mail address") );
 	sb_provider_helpdesk_inner->Add( m_provider_email, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL|wxBOTTOM, 5 );
 	m_provider_phone_icon = new wxStaticText( sb_provider_contact->GetStaticBox(), wxID_ANY, _(")"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_phone_icon->Wrap( -1 );
 	m_provider_phone_icon->SetFont( wxFont( wxNORMAL_FONT->GetPointSize(), 70, 90, 90, false, wxT("Wingdings") ) );
 	sb_provider_helpdesk_inner->Add( m_provider_phone_icon, 0, wxALIGN_CENTER_VERTICAL|wxRIGHT, 5 );
 	m_provider_phone = new wxTextCtrl( sb_provider_contact->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_phone->SetToolTip( _("Your helpdesk phone number") );
 	sb_provider_helpdesk_inner->Add( m_provider_phone, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL, 5 );
 	sb_provider_helpdesk->Add( sb_provider_helpdesk_inner, 0, wxEXPAND, 5 );
 	sb_provider_contact_vert->Add( sb_provider_helpdesk, 0, wxEXPAND|wxALL, 5 );
 	sb_provider_contact_horiz->Add( sb_provider_contact_vert, 1, wxEXPAND, 5 );
 	sb_provider_contact->Add( sb_provider_contact_horiz, 1, wxEXPAND, 5 );
 	this->SetSizer( sb_provider_contact );
 	this->Layout();
 }
 wxEAPProviderContactInfoPanelBase::~wxEAPProviderContactInfoPanelBase()
 {
 }
 wxEAPProviderIDPanelBase::wxEAPProviderIDPanelBase( wxWindow* parent, wxWindowID id, const wxPoint& pos, const wxSize& size, long style ) : wxPanel( parent, id, pos, size, style )
 {
 	wxStaticBoxSizer* sb_provider_id;
-	sb_provider_id = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Your Organization") ), wxVERTICAL );
+	sb_provider_id = new wxStaticBoxSizer( new wxStaticBox( this, wxID_ANY, _("Provider Unique Identifier") ), wxVERTICAL );
 	wxBoxSizer* sb_provider_id_horiz;
 	sb_provider_id_horiz = new wxBoxSizer( wxHORIZONTAL );
@@ -372,80 +532,28 @@ wxEAPProviderIdentityPanelBase::wxEAPProviderIdentityPanelBase( wxWindow* parent
 	wxBoxSizer* sb_provider_id_vert;
 	sb_provider_id_vert = new wxBoxSizer( wxVERTICAL );
-	m_provider_id_label = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("Describe your organization to customize user prompts.  When organization is introduced, end-users find program messages easier to understand and act."), wxDefaultPosition, wxDefaultSize, 0 );
+	m_provider_id_label_outer = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("Assign your organization a unique ID to allow sharing the same credential set across different network profiles."), wxDefaultPosition, wxDefaultSize, 0 );
-	m_provider_id_label->Wrap( 446 );
+	m_provider_id_label_outer->Wrap( 445 );
-	sb_provider_id_vert->Add( m_provider_id_label, 0, wxALL|wxEXPAND, 5 );
+	sb_provider_id_vert->Add( m_provider_id_label_outer, 0, wxALL|wxEXPAND, 5 );
-	wxBoxSizer* sb_provider_name;
+	wxBoxSizer* sb_provider_id_inner;
-	sb_provider_name = new wxBoxSizer( wxVERTICAL );
+	sb_provider_id_inner = new wxBoxSizer( wxVERTICAL );
-	m_provider_name_label = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("Your organization &name:"), wxDefaultPosition, wxDefaultSize, 0 );
+	m_provider_id_label = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("Provider unique &identifier:"), wxDefaultPosition, wxDefaultSize, 0 );
-	m_provider_name_label->Wrap( -1 );
+	m_provider_id_label->Wrap( -1 );
-	sb_provider_name->Add( m_provider_name_label, 0, wxBOTTOM, 5 );
+	sb_provider_id_inner->Add( m_provider_id_label, 0, wxBOTTOM, 5 );
-	m_provider_name = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
+	m_provider_id = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
-	m_provider_name->SetToolTip( _("Your organization name as it will appear on helpdesk contact notifications") );
+	m_provider_id->SetToolTip( _("Your organization ID to assign same credentials from other profiles") );
-	sb_provider_name->Add( m_provider_name, 0, wxEXPAND|wxBOTTOM, 5 );
+	sb_provider_id_inner->Add( m_provider_id, 0, wxEXPAND|wxBOTTOM, 5 );
-	m_provider_name_note = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("(Keep it short, please)"), wxDefaultPosition, wxDefaultSize, 0 );
+	m_provider_id_note = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("(Examples: contoso.com, DOT-UK, etc.)"), wxDefaultPosition, wxDefaultSize, 0 );
-	m_provider_name_note->Wrap( -1 );
+	m_provider_id_note->Wrap( -1 );
-	sb_provider_name->Add( m_provider_name_note, 0, wxALIGN_RIGHT, 5 );
+	sb_provider_id_inner->Add( m_provider_id_note, 0, wxALIGN_RIGHT, 5 );
-	sb_provider_id_vert->Add( sb_provider_name, 0, wxEXPAND|wxALL, 5 );
+	sb_provider_id_vert->Add( sb_provider_id_inner, 0, wxEXPAND|wxALL, 5 );
 	wxBoxSizer* sb_provider_helpdesk;
 	sb_provider_helpdesk = new wxBoxSizer( wxVERTICAL );
 	m_provider_helpdesk_label = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("Helpdesk contact &information:"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_helpdesk_label->Wrap( -1 );
 	sb_provider_helpdesk->Add( m_provider_helpdesk_label, 0, wxBOTTOM, 5 );
 	wxFlexGridSizer* sb_provider_helpdesk_inner;
 	sb_provider_helpdesk_inner = new wxFlexGridSizer( 0, 2, 0, 0 );
 	sb_provider_helpdesk_inner->AddGrowableCol( 1 );
 	sb_provider_helpdesk_inner->SetFlexibleDirection( wxBOTH );
 	sb_provider_helpdesk_inner->SetNonFlexibleGrowMode( wxFLEX_GROWMODE_SPECIFIED );
 	m_provider_web_icon = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("¶"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_web_icon->Wrap( -1 );
 	m_provider_web_icon->SetFont( wxFont( wxNORMAL_FONT->GetPointSize(), 70, 90, 90, false, wxT("Wingdings") ) );
 	sb_provider_helpdesk_inner->Add( m_provider_web_icon, 0, wxALIGN_CENTER_VERTICAL|wxBOTTOM|wxRIGHT, 5 );
 	m_provider_web = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_web->SetToolTip( _("Your helpdesk website address") );
 	sb_provider_helpdesk_inner->Add( m_provider_web, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL|wxBOTTOM, 5 );
 	m_provider_email_icon = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _("*"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_email_icon->Wrap( -1 );
 	m_provider_email_icon->SetFont( wxFont( wxNORMAL_FONT->GetPointSize(), 70, 90, 90, false, wxT("Wingdings") ) );
 	sb_provider_helpdesk_inner->Add( m_provider_email_icon, 0, wxALIGN_CENTER_VERTICAL|wxBOTTOM|wxRIGHT, 5 );
 	m_provider_email = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_email->SetToolTip( _("Your helpdesk e-mail address") );
 	sb_provider_helpdesk_inner->Add( m_provider_email, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL|wxBOTTOM, 5 );
 	m_provider_phone_icon = new wxStaticText( sb_provider_id->GetStaticBox(), wxID_ANY, _(")"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_phone_icon->Wrap( -1 );
 	m_provider_phone_icon->SetFont( wxFont( wxNORMAL_FONT->GetPointSize(), 70, 90, 90, false, wxT("Wingdings") ) );
 	sb_provider_helpdesk_inner->Add( m_provider_phone_icon, 0, wxALIGN_CENTER_VERTICAL|wxRIGHT, 5 );
 	m_provider_phone = new wxTextCtrl( sb_provider_id->GetStaticBox(), wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_phone->SetToolTip( _("Your helpdesk phone number") );
 	sb_provider_helpdesk_inner->Add( m_provider_phone, 1, wxEXPAND|wxALIGN_CENTER_VERTICAL, 5 );
 	sb_provider_helpdesk->Add( sb_provider_helpdesk_inner, 1, wxEXPAND, 5 );
 	sb_provider_id_vert->Add( sb_provider_helpdesk, 1, wxEXPAND, 5 );
 	sb_provider_id_horiz->Add( sb_provider_id_vert, 1, wxEXPAND, 5 );
@@ -458,7 +566,7 @@ wxEAPProviderIdentityPanelBase::wxEAPProviderIdentityPanelBase( wxWindow* parent
 	this->Layout();
 }
-wxEAPProviderIdentityPanelBase::~wxEAPProviderIdentityPanelBase()
+wxEAPProviderIDPanelBase::~wxEAPProviderIDPanelBase()
 {
 }
@@ -477,21 +585,21 @@ wxEAPProviderLockPanelBase::wxEAPProviderLockPanelBase( wxWindow* parent, wxWind
 	sb_provider_lock_vert = new wxBoxSizer( wxVERTICAL );
 	m_provider_lock_label = new wxStaticText( sb_provider_lock->GetStaticBox(), wxID_ANY, _("Your configuration can be locked to prevent accidental modification by end-users. Users will only be allowed to enter credentials."), wxDefaultPosition, wxDefaultSize, 0 );
-	m_provider_lock_label->Wrap( 446 );
+	m_provider_lock_label->Wrap( 445 );
 	sb_provider_lock_vert->Add( m_provider_lock_label, 0, wxALL|wxEXPAND, 5 );
-	wxBoxSizer* sb_provider_name;
+	wxBoxSizer* sb_provider_lock_inner;
-	sb_provider_name = new wxBoxSizer( wxVERTICAL );
+	sb_provider_lock_inner = new wxBoxSizer( wxVERTICAL );
 	m_provider_lock = new wxCheckBox( sb_provider_lock->GetStaticBox(), wxID_ANY, _("&Lock this configuration and prevent any further modification via user interface."), wxDefaultPosition, wxDefaultSize, 0 );
-	sb_provider_name->Add( m_provider_lock, 0, wxEXPAND|wxBOTTOM, 5 );
+	sb_provider_lock_inner->Add( m_provider_lock, 0, wxEXPAND|wxBOTTOM, 5 );
 	m_provider_lock_note = new wxStaticText( sb_provider_lock->GetStaticBox(), wxID_ANY, _("(Warning: Once locked, you can not revert using this dialog!)"), wxDefaultPosition, wxDefaultSize, 0 );
 	m_provider_lock_note->Wrap( -1 );
-	sb_provider_name->Add( m_provider_lock_note, 0, wxALIGN_RIGHT, 5 );
+	sb_provider_lock_inner->Add( m_provider_lock_note, 0, wxALIGN_RIGHT, 5 );
-	sb_provider_lock_vert->Add( sb_provider_name, 0, wxEXPAND|wxALL, 5 );
+	sb_provider_lock_vert->Add( sb_provider_lock_inner, 0, wxEXPAND|wxALL, 5 );
 	sb_provider_lock_horiz->Add( sb_provider_lock_vert, 1, wxEXPAND, 5 );
--- a/lib/EAPBase_UI/res/wxEAP_UI.fbp
+++ b/lib/EAPBase_UI/res/wxEAP_UI.fbp
--- a/lib/EAPBase_UI/res/wxEAP_UI.h
+++ b/lib/EAPBase_UI/res/wxEAP_UI.h
@@ -48,7 +48,9 @@ class wxEAPConfigDialogBase : public wxDialog
 	protected:
 		wxEAPBannerPanel *m_banner;
 		wxNotebook* m_providers;
-		wxButton* m_advanced;
+		wxButton* m_prov_add;
 		wxButton* m_prov_remove;
 		wxButton* m_prov_advanced;
 		wxStdDialogButtonSizer* m_buttons;
 		wxButton* m_buttonsOK;
 		wxButton* m_buttonsCancel;
@@ -56,12 +58,14 @@ class wxEAPConfigDialogBase : public wxDialog
 		// Virtual event handlers, overide them in your derived class
 		virtual void OnInitDialog( wxInitDialogEvent& event ) { event.Skip(); }
 		virtual void OnUpdateUI( wxUpdateUIEvent& event ) { event.Skip(); }
-		virtual void OnAdvanced( wxCommandEvent& event ) { event.Skip(); }
+		virtual void OnProvAdd( wxCommandEvent& event ) { event.Skip(); }
 		virtual void OnProvRemove( wxCommandEvent& event ) { event.Skip(); }
 		virtual void OnProvAdvanced( wxCommandEvent& event ) { event.Skip(); }
 	public:
-		wxEAPConfigDialogBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxString& title = _("EAP Method Configuration"), const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE ); 
+		wxEAPConfigDialogBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxString& title = _("EAP Connection Configuration"), const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE ); 
 		~wxEAPConfigDialogBase();
 };
@@ -91,6 +95,31 @@ class wxEAPGeneralDialogBase : public wxDialog
 };
 ///////////////////////////////////////////////////////////////////////////////
 /// Class wxEAPCredentialsConnectionDialogBase
 ///////////////////////////////////////////////////////////////////////////////
 class wxEAPCredentialsConnectionDialogBase : public wxDialog 
 {
 	private:
 	protected:
 		wxEAPBannerPanel *m_banner;
 		wxStdDialogButtonSizer* m_buttons;
 		wxButton* m_buttonsOK;
 		wxButton* m_buttonsCancel;
 		// Virtual event handlers, overide them in your derived class
 		virtual void OnInitDialog( wxInitDialogEvent& event ) { event.Skip(); }
 	public:
 		wxNotebook* m_providers;
 		wxEAPCredentialsConnectionDialogBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxString& title = _("EAP Credentials"), const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxDefaultSize, long style = wxDEFAULT_DIALOG_STYLE ); 
 		~wxEAPCredentialsConnectionDialogBase();
 };
 ///////////////////////////////////////////////////////////////////////////////
 /// Class wxEAPBannerPanelBase
 ///////////////////////////////////////////////////////////////////////////////
@@ -185,15 +214,15 @@ class wxEAPCredentialsPassPanelBase : public wxEAPCredentialsPanelBase
 };
 ///////////////////////////////////////////////////////////////////////////////
-/// Class wxEAPProviderIdentityPanelBase
+/// Class wxEAPProviderContactInfoPanelBase
 ///////////////////////////////////////////////////////////////////////////////
-class wxEAPProviderIdentityPanelBase : public wxPanel 
+class wxEAPProviderContactInfoPanelBase : public wxPanel 
 {
 	private:
 	protected:
-		wxStaticBitmap* m_provider_id_icon;
+		wxStaticBitmap* m_provider_contact_icon;
-		wxStaticText* m_provider_id_label;
+		wxStaticText* m_provider_contact_label;
 		wxStaticText* m_provider_name_label;
 		wxTextCtrl* m_provider_name;
 		wxStaticText* m_provider_name_note;
@@ -207,8 +236,29 @@ class wxEAPProviderIdentityPanelBase : public wxPanel
 	public:
-		wxEAPProviderIdentityPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL ); 
+		wxEAPProviderContactInfoPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL ); 
-		~wxEAPProviderIdentityPanelBase();
+		~wxEAPProviderContactInfoPanelBase();
 };
 ///////////////////////////////////////////////////////////////////////////////
 /// Class wxEAPProviderIDPanelBase
 ///////////////////////////////////////////////////////////////////////////////
 class wxEAPProviderIDPanelBase : public wxPanel 
 {
 	private:
 	protected:
 		wxStaticBitmap* m_provider_id_icon;
 		wxStaticText* m_provider_id_label_outer;
 		wxStaticText* m_provider_id_label;
 		wxTextCtrl* m_provider_id;
 		wxStaticText* m_provider_id_note;
 	public:
 		wxEAPProviderIDPanelBase( wxWindow* parent, wxWindowID id = wxID_ANY, const wxPoint& pos = wxDefaultPosition, const wxSize& size = wxSize( 500,-1 ), long style = wxTAB_TRAVERSAL ); 
 		~wxEAPProviderIDPanelBase();
 };
--- a/lib/EAPBase_UI/src/EAP_UI.cpp
+++ b/lib/EAPBase_UI/src/EAP_UI.cpp
@@ -95,7 +95,45 @@ wxEAPCredentialsDialog::wxEAPCredentialsDialog(const eap::config_provider &prov,
    wxEAPGeneralDialog(parent, id, title, pos, size, style)
 {
    // Set banner title.
-    m_banner->m_title->SetLabel(wxString::Format(_("%s Credentials"), wxEAPGetProviderName(prov.m_id).c_str()));
+    m_banner->m_title->SetLabel(wxString::Format(_("%s Credentials"), wxEAPGetProviderName(prov.m_name).c_str()));
 }
 //////////////////////////////////////////////////////////////////////
 // wxEAPCredentialsConnectionDialog
 //////////////////////////////////////////////////////////////////////
 wxEAPCredentialsConnectionDialog::wxEAPCredentialsConnectionDialog(wxWindow *parent, wxWindowID id, const wxString &title, const wxPoint &pos, const wxSize &size, long style) :
    wxEAPCredentialsConnectionDialogBase(parent, id, title, pos, size, style)
 {
    // Set extra style here, as wxFormBuilder overrides all default flags.
    this->SetExtraStyle(this->GetExtraStyle() | wxWS_EX_VALIDATE_RECURSIVELY);
    // Load window icons.
 #ifdef __WINDOWS__
    wxIconBundle icons;
    icons.AddIcon(wxIcon(wxT("product.ico"), wxBITMAP_TYPE_ICO_RESOURCE, ::GetSystemMetrics(SM_CXSMICON), ::GetSystemMetrics(SM_CYSMICON)));
    icons.AddIcon(wxIcon(wxT("product.ico"), wxBITMAP_TYPE_ICO_RESOURCE, ::GetSystemMetrics(SM_CXICON  ), ::GetSystemMetrics(SM_CYICON  )));
    this->SetIcons(icons);
 #else
    this->SetIcon(wxIcon(wxICON(product.ico)));
 #endif
    // Set banner title.
    m_banner->m_title->SetLabel(_("EAP Credentials"));
    m_buttonsOK->SetDefault();
 }
 void wxEAPCredentialsConnectionDialog::OnInitDialog(wxInitDialogEvent& event)
 {
    // Forward the event to child panels.
    for (wxWindowList::compatibility_iterator provider = m_providers->GetChildren().GetFirst(); provider; provider = provider->GetNext()) {
        wxWindow *prov = wxDynamicCast(provider->GetData(), wxWindow);
        if (prov)
            prov->GetEventHandler()->ProcessEvent(event);
    }
 }
@@ -250,36 +288,36 @@ void wxEAPConfigWindow::OnInitDialog(wxInitDialogEvent& /*event*/)
 //////////////////////////////////////////////////////////////////////
-// wxEAPProviderIdentityPanel
+// wxEAPProviderContactInfoPanel
 //////////////////////////////////////////////////////////////////////
-wxEAPProviderIdentityPanel::wxEAPProviderIdentityPanel(eap::config_provider &prov, wxWindow* parent) :
+wxEAPProviderContactInfoPanel::wxEAPProviderContactInfoPanel(eap::config_provider &prov, wxWindow* parent) :
    m_prov(prov),
-    wxEAPProviderIdentityPanelBase(parent)
+    wxEAPProviderContactInfoPanelBase(parent)
 {
    // Load and set icon.
    winstd::library lib_shell32;
    if (lib_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
-        m_provider_id_icon->SetIcon(wxLoadIconFromResource(lib_shell32, MAKEINTRESOURCE(259)));
+        m_provider_contact_icon->SetIcon(wxLoadIconFromResource(lib_shell32, MAKEINTRESOURCE(259)));
 }
-bool wxEAPProviderIdentityPanel::TransferDataToWindow()
+bool wxEAPProviderContactInfoPanel::TransferDataToWindow()
 {
-    m_provider_name ->SetValue(m_prov.m_id        );
+    m_provider_name ->SetValue(m_prov.m_name      );
    m_provider_web  ->SetValue(m_prov.m_help_web  );
    m_provider_email->SetValue(m_prov.m_help_email);
    m_provider_phone->SetValue(m_prov.m_help_phone);
-    return wxEAPProviderIdentityPanelBase::TransferDataToWindow();
+    return wxEAPProviderContactInfoPanelBase::TransferDataToWindow();
 }
-bool wxEAPProviderIdentityPanel::TransferDataFromWindow()
+bool wxEAPProviderContactInfoPanel::TransferDataFromWindow()
 {
-    wxCHECK(wxEAPProviderIdentityPanelBase::TransferDataFromWindow(), false);
+    wxCHECK(wxEAPProviderContactInfoPanelBase::TransferDataFromWindow(), false);
-    m_prov.m_id         = m_provider_name ->GetValue();
+    m_prov.m_name       = m_provider_name ->GetValue();
    m_prov.m_help_web   = m_provider_web  ->GetValue();
    m_prov.m_help_email = m_provider_email->GetValue();
    m_prov.m_help_phone = m_provider_phone->GetValue();
@@ -288,6 +326,39 @@ bool wxEAPProviderIdentityPanel::TransferDataFromWindow()
 }
 //////////////////////////////////////////////////////////////////////
 // wxEAPProviderIDPanel
 //////////////////////////////////////////////////////////////////////
 wxEAPProviderIDPanel::wxEAPProviderIDPanel(eap::config_provider &prov, wxWindow* parent) :
    m_prov(prov),
    wxEAPProviderIDPanelBase(parent)
 {
    // Load and set icon.
    winstd::library lib_shell32;
    if (lib_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
        m_provider_id_icon->SetIcon(wxLoadIconFromResource(lib_shell32, MAKEINTRESOURCE(29)));
 }
 bool wxEAPProviderIDPanel::TransferDataToWindow()
 {
    m_provider_id->SetValue(m_prov.m_id);
    return wxEAPProviderIDPanelBase::TransferDataToWindow();
 }
 bool wxEAPProviderIDPanel::TransferDataFromWindow()
 {
    wxCHECK(wxEAPProviderIDPanelBase::TransferDataFromWindow(), false);
    m_prov.m_id = m_provider_id->GetValue();
    return true;
 }
 //////////////////////////////////////////////////////////////////////
 // wxEAPProviderLockPanel
 //////////////////////////////////////////////////////////////////////
@@ -332,13 +403,16 @@ wxEAPConfigProvider::wxEAPConfigProvider(eap::config_provider &prov, wxWindow *p
    // Set banner title.
    m_banner->m_title->SetLabel(title);
-    m_identity = new wxEAPProviderIdentityPanel(prov, this);
+    m_contact = new wxEAPProviderContactInfoPanel(prov, this);
    AddContent(m_contact);
    m_identity = new wxEAPProviderIDPanel(prov, this);
    AddContent(m_identity);
    m_lock = new wxEAPProviderLockPanel(prov, this);
    AddContent(m_lock);
-    m_identity->m_provider_name->SetFocusFromKbd();
+    m_contact->m_provider_name->SetFocusFromKbd();
 }
--- a/lib/Events/res/EventsETW.man
+++ b/lib/Events/res/EventsETW.man
--- a/lib/TLS/src/Config.cpp
+++ b/lib/TLS/src/Config.cpp
@@ -141,27 +141,26 @@ void eap::config_method_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *
    config_method_with_cred::save(pDoc, pConfigRoot);
    const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
    HRESULT hr;
    // <ServerSideCredential>
    com_obj<IXMLDOMElement> pXmlElServerSideCredential;
-    if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), bstr(L"ServerSideCredential"), bstrNamespace, &pXmlElServerSideCredential)))
+    if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ServerSideCredential"), bstr(L"ServerSideCredential"), namespace_eapmetadata, &pXmlElServerSideCredential)))
        throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerSideCredential> element.");
    for (list<cert_context>::const_iterator i = m_trusted_root_ca.begin(), i_end = m_trusted_root_ca.end(); i != i_end; ++i) {
        // <CA>
        com_obj<IXMLDOMElement> pXmlElCA;
-        if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"CA"), bstrNamespace, &pXmlElCA)))
+        if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"CA"), namespace_eapmetadata, &pXmlElCA)))
            throw com_runtime_error(hr, __FUNCTION__ " Error creating <CA> element.");
        // <CA>/<format>
-        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElCA, bstr(L"format"), bstrNamespace, bstr(L"PEM"))))
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElCA, bstr(L"format"), namespace_eapmetadata, bstr(L"PEM"))))
            throw com_runtime_error(hr, __FUNCTION__ " Error creating <format> element.");
        // <CA>/<cert-data>
        const cert_context &cc = *i;
-        if (FAILED(hr = eapxml::put_element_base64(pDoc, pXmlElCA, bstr(L"cert-data"), bstrNamespace, cc->pbCertEncoded, cc->cbCertEncoded)))
+        if (FAILED(hr = eapxml::put_element_base64(pDoc, pXmlElCA, bstr(L"cert-data"), namespace_eapmetadata, cc->pbCertEncoded, cc->cbCertEncoded)))
            throw com_runtime_error(hr, __FUNCTION__ " Error creating <cert-data> element.");
        if (FAILED(hr = pXmlElServerSideCredential->appendChild(pXmlElCA, NULL)))
@@ -170,7 +169,7 @@ void eap::config_method_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *
    // <ServerName>
    for (list<wstring>::const_iterator i = m_server_names.begin(), i_end = m_server_names.end(); i != i_end; ++i) {
-        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), bstrNamespace, bstr(*i))))
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElServerSideCredential, bstr(L"ServerName"), namespace_eapmetadata, bstr(*i))))
            throw com_runtime_error(hr, __FUNCTION__ " Error creating <ServerName> element.");
    }
 }
--- a/lib/TLS/src/Credentials.cpp
+++ b/lib/TLS/src/Credentials.cpp
@@ -95,26 +95,22 @@ void eap::credentials_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pC
    credentials::save(pDoc, pConfigRoot);
    const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
    HRESULT hr;
    // <ClientCertificate>
    com_obj<IXMLDOMElement> pXmlElClientCertificate;
-    if (FAILED(hr = eapxml::create_element(pDoc, bstr(L"ClientCertificate"), bstrNamespace, &pXmlElClientCertificate)))
+    if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ClientCertificate"), bstr(L"ClientCertificate"), namespace_eapmetadata, &pXmlElClientCertificate)))
        throw com_runtime_error(hr, __FUNCTION__ " Error creating <ClientCertificate> element.");
    if (m_cert) {
        // <ClientCertificate>/<format>
-        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElClientCertificate, bstr(L"format"), bstrNamespace, bstr(L"PEM"))))
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElClientCertificate, bstr(L"format"), namespace_eapmetadata, bstr(L"PEM"))))
            throw com_runtime_error(hr, __FUNCTION__ " Error creating <format> element.");
        // <ClientCertificate>/<cert-data>
-        if (FAILED(hr = eapxml::put_element_base64(pDoc, pXmlElClientCertificate, bstr(L"cert-data"), bstrNamespace, m_cert->pbCertEncoded, m_cert->cbCertEncoded)))
+        if (FAILED(hr = eapxml::put_element_base64(pDoc, pXmlElClientCertificate, bstr(L"cert-data"), namespace_eapmetadata, m_cert->pbCertEncoded, m_cert->cbCertEncoded)))
            throw com_runtime_error(hr, __FUNCTION__ " Error creating <cert-data> element.");
    }
    if (FAILED(hr = pConfigRoot->appendChild(pXmlElClientCertificate, NULL)))
        throw com_runtime_error(hr, __FUNCTION__ " Error appending <ClientCertificate> element.");
 }
@@ -303,14 +299,14 @@ eap::credentials::source_t eap::credentials_tls::combine(
    if (cred_cached) {
        // Using EAP service cached credentials.
        *this = *(credentials_tls*)cred_cached;
-        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank);
+        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);
        return source_cache;
    }
    if (cfg.m_use_preshared) {
        // Using preshared credentials.
        *this = *(credentials_tls*)cfg.m_preshared.get();
-        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank);
+        m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_PRESHARED2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);
        return source_preshared;
    }
@@ -321,7 +317,7 @@ eap::credentials::source_t eap::credentials_tls::combine(
            // Using stored credentials.
            *this = std::move(cred_loaded);
-            m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED1, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data::blank);
+            m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_STORED2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);
            return source_storage;
        } catch (...) {
            // Not actually an error.
--- a/lib/TLS/src/Method.cpp
+++ b/lib/TLS/src/Method.cpp
@@ -298,7 +298,7 @@ void eap::method_tls::begin_session(
        NULL,                                                                 // aphMappers
        0,                                                                    // cSupportedAlgs: Use system configured default
        NULL,                                                                 // palgSupportedAlgs: Use system configured default
-        0,                                                                    // grbitEnabledProtocols: Use default
+        SP_PROT_TLS1_X_CLIENT | (SP_PROT_TLS1_2_CLIENT<<2),                   // grbitEnabledProtocols: TLS 1.x
        0,                                                                    // dwMinimumCipherStrength: Use system configured default
        0,                                                                    // dwMaximumCipherStrength: Use system configured default
        0,                                                                    // dwSessionLifespan: Use system configured default = 10hr
--- a/lib/TLS_UI/res/wxTLS_UI.cpp
+++ b/lib/TLS_UI/res/wxTLS_UI.cpp
@@ -26,7 +26,7 @@ wxEAPTLSServerTrustConfigPanelBase::wxEAPTLSServerTrustConfigPanelBase( wxWindow
 	sb_server_trust_vert = new wxBoxSizer( wxVERTICAL );
 	m_server_trust_label = new wxStaticText( sb_server_trust->GetStaticBox(), wxID_ANY, _("Describe the servers you trust to prevent credential interception in case of man-in-the-middle attacks."), wxDefaultPosition, wxDefaultSize, 0 );
-	m_server_trust_label->Wrap( 446 );
+	m_server_trust_label->Wrap( 445 );
 	sb_server_trust_vert->Add( m_server_trust_label, 0, wxALL|wxEXPAND, 5 );
 	wxBoxSizer* sb_root_ca;
@@ -129,7 +129,7 @@ wxTLSCredentialsPanelBase::wxTLSCredentialsPanelBase( wxWindow* parent, wxWindow
 	sb_credentials_vert = new wxBoxSizer( wxVERTICAL );
 	m_credentials_label = new wxStaticText( sb_credentials->GetStaticBox(), wxID_ANY, _("Please select your client certificate to use for authentication."), wxDefaultPosition, wxDefaultSize, 0 );
-	m_credentials_label->Wrap( 446 );
+	m_credentials_label->Wrap( 445 );
 	sb_credentials_vert->Add( m_credentials_label, 0, wxALL|wxEXPAND, 5 );
 	wxBoxSizer* sb_cert_radio;
--- a/lib/TLS_UI/res/wxTLS_UI.fbp
+++ b/lib/TLS_UI/res/wxTLS_UI.fbp
@@ -242,7 +242,7 @@
                                        <property name="window_extra_style"></property>
                                        <property name="window_name"></property>
                                        <property name="window_style"></property>
-                                        <property name="wrap">446</property>
+                                        <property name="wrap">445</property>
                                        <event name="OnChar"></event>
                                        <event name="OnEnterWindow"></event>
                                        <event name="OnEraseBackground"></event>
@@ -1215,7 +1215,7 @@
                                        <property name="window_extra_style"></property>
                                        <property name="window_name"></property>
                                        <property name="window_style"></property>
-                                        <property name="wrap">446</property>
+                                        <property name="wrap">445</property>
                                        <event name="OnChar"></event>
                                        <event name="OnEnterWindow"></event>
                                        <event name="OnEraseBackground"></event>
--- a/lib/TTLS/include/Module.h
+++ b/lib/TTLS/include/Module.h
@@ -211,6 +211,18 @@ namespace eap
        /// @}
    protected:
        ///
        /// Checks all configured providers and tries to combine credentials.
        ///
        const config_method_ttls* combine_credentials(
            _In_                             DWORD                   dwFlags,
            _In_                       const config_connection       &cfg,
            _In_count_(dwUserDataSize) const BYTE                    *pUserData,
            _In_                             DWORD                   dwUserDataSize,
            _Out_                            credentials_connection& cred_out,
            _In_                             HANDLE                  hTokenImpersonateUser);
    protected:
        class session {
        public:
@@ -220,7 +232,7 @@ namespace eap
        public:
            module &m_module;                       ///< Module
            config_connection m_cfg;                ///< Connection configuration
-            credentials_ttls m_cred;                ///< User credentials
+            credentials_connection m_cred;          ///< Connection credentials
            std::unique_ptr<method_ttls> m_method;  ///< EAP-TTLS method
            // The following members are required to avoid memory leakage in get_result()
--- a/lib/TTLS/src/Config.cpp
+++ b/lib/TTLS/src/Config.cpp
@@ -29,8 +29,11 @@ using namespace winstd;
 //////////////////////////////////////////////////////////////////////
 eap::config_method_ttls::config_method_ttls(_In_ module &mod) :
    m_inner(new config_method_pap(mod)),
    config_method_tls(mod)
 {
    // TTLS is using blank pre-shared credentials per default.
    m_use_preshared = true;
 }
@@ -87,37 +90,69 @@ void eap::config_method_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode
    config_method_tls::save(pDoc, pConfigRoot);
    const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
    HRESULT hr;
    // <ClientSideCredential>
    com_obj<IXMLDOMElement> pXmlElClientSideCredential;
-    if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ClientSideCredential"), bstr(L"ClientSideCredential"), bstrNamespace, &pXmlElClientSideCredential)))
+    if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ClientSideCredential"), bstr(L"ClientSideCredential"), namespace_eapmetadata, &pXmlElClientSideCredential)))
        throw com_runtime_error(hr, __FUNCTION__ " Error creating <ClientSideCredential> element.");
    // <ClientSideCredential>/<AnonymousIdentity>
    if (!m_anonymous_identity.empty())
-        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElClientSideCredential, bstr(L"AnonymousIdentity"), bstrNamespace, bstr(m_anonymous_identity))))
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElClientSideCredential, bstr(L"AnonymousIdentity"), namespace_eapmetadata, bstr(m_anonymous_identity))))
            throw com_runtime_error(hr, __FUNCTION__ " Error creating <AnonymousIdentity> element.");
    // <InnerAuthenticationMethod>
    com_obj<IXMLDOMElement> pXmlElInnerAuthenticationMethod;
-    if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:InnerAuthenticationMethod"), bstr(L"InnerAuthenticationMethod"), bstrNamespace, &pXmlElInnerAuthenticationMethod)))
+    if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:InnerAuthenticationMethod"), bstr(L"InnerAuthenticationMethod"), namespace_eapmetadata, &pXmlElInnerAuthenticationMethod)))
        throw com_runtime_error(hr, __FUNCTION__ " Error creating <InnerAuthenticationMethod> element.");
    eap_type_t eap_type = m_inner->get_method_id();
    if (eap_type_noneap_start <= eap_type && eap_type < eap_type_noneap_end) {
        // <InnerAuthenticationMethod>/<NonEAPAuthMethod>
-        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElInnerAuthenticationMethod, bstr(L"NonEAPAuthMethod"), bstrNamespace, bstr(m_inner->get_method_str()))))
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElInnerAuthenticationMethod, bstr(L"NonEAPAuthMethod"), namespace_eapmetadata, bstr(m_inner->get_method_str()))))
            throw com_runtime_error(hr, __FUNCTION__ " Error creating <NonEAPAuthMethod> element.");
    } else {
        // <InnerAuthenticationMethod>/<EAPMethod>
-        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElInnerAuthenticationMethod, bstr(L"EAPMethod"), bstrNamespace, (DWORD)m_inner->get_method_id())))
+        if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElInnerAuthenticationMethod, bstr(L"EAPMethod"), namespace_eapmetadata, (DWORD)m_inner->get_method_id())))
            throw com_runtime_error(hr, __FUNCTION__ " Error creating <EAPMethod> element.");
    }
    // <InnerAuthenticationMethod>/...
    m_inner->save(pDoc, pXmlElInnerAuthenticationMethod);
    {
        com_obj<IXMLDOMNode> pXmlElClientSideCredential;
        if (SUCCEEDED(hr = eapxml::select_node(pConfigRoot, bstr(L"eap-metadata:ClientSideCredential"), &pXmlElClientSideCredential))) {
            // Fix 1: Pre-shared outer credentials in draft-winter-opsawg-eap-metadata has some bizarre presence/absence/blank logic for EAP-TTLS methods only.
            // To keep our code clean, we do some post-processing, to make draft compliant XML on output, while keeping things simple on the inside.
            if (m_use_preshared && m_preshared->empty()) {
                // For empty pre-shared client certificate <ClientCertificate/> must not be present.
                com_obj<IXMLDOMNode> pXmlElClientCertificate;
                if (SUCCEEDED(hr = eapxml::select_node(pXmlElClientSideCredential, bstr(L"eap-metadata:ClientCertificate"), &pXmlElClientCertificate))) {
                    com_obj<IXMLDOMNode> pXmlElClientCertificateOld;
                    hr = pXmlElClientSideCredential->removeChild(pXmlElClientCertificate, &pXmlElClientCertificateOld);
                }
            } else if (!m_use_preshared) {
                // When not using pre-shared (user must supply one), add empty <ClientCertificate/>.
                com_obj<IXMLDOMElement> pXmlElClientCertificate;
                hr = eapxml::create_element(pDoc, pXmlElClientSideCredential, bstr(L"eap-metadata:ClientCertificate"), bstr(L"ClientCertificate"), namespace_eapmetadata, &pXmlElClientCertificate);
            }
            // Fix 2: draft-winter-opsawg-eap-metadata is using <OuterIdentity> name for <UserName> when referring to outer identity of EAP-TTLS.
            // GÉANTLink is using <UserName> for identities and usernames uniformly. Create <OuterIdentity> and remove <UserName>.
            com_obj<IXMLDOMElement> pXmlElUserName;
            if (SUCCEEDED(hr = eapxml::select_element(pXmlElClientSideCredential, bstr(L"eap-metadata:UserName"), &pXmlElUserName))) {
                bstr identity;
                if (SUCCEEDED(hr = pXmlElUserName->get_text(&identity))) {
                    if (SUCCEEDED(hr = eapxml::put_element_value(pDoc, pXmlElClientSideCredential, bstr(L"OuterIdentity"), namespace_eapmetadata, identity))) {
                        com_obj<IXMLDOMNode> pXmlElClientCertificateOld;
                        hr = pXmlElClientSideCredential->removeChild(pXmlElUserName, &pXmlElClientCertificateOld);
                    }
                }
            }
        }
    }
 }
@@ -126,6 +161,43 @@ void eap::config_method_ttls::load(_In_ IXMLDOMNode *pConfigRoot)
    assert(pConfigRoot);
    HRESULT hr;
    {
        com_obj<IXMLDOMNode> pXmlElClientSideCredential;
        if (SUCCEEDED(hr = eapxml::select_node(pConfigRoot, bstr(L"eap-metadata:ClientSideCredential"), &pXmlElClientSideCredential))) {
            com_obj<IXMLDOMDocument> pDoc;
            if (SUCCEEDED(hr = pXmlElClientSideCredential->get_ownerDocument(&pDoc))) {
                // Fix 1: Pre-shared outer credentials in draft-winter-opsawg-eap-metadata has some bizarre presence/absence/blank logic for EAP-TTLS methods only.
                // To keep our code clean, we do some pre-processing, to accept draft compliant XML on input, while keeping things simple on the inside.
                com_obj<IXMLDOMNode> pXmlElClientCertificate;
                if (SUCCEEDED(hr = eapxml::select_node(pXmlElClientSideCredential, bstr(L"eap-metadata:ClientCertificate"), &pXmlElClientCertificate))) {
                    VARIANT_BOOL has_children;
                    if (SUCCEEDED(hr = pXmlElClientCertificate->hasChildNodes(&has_children)) && !has_children) {
                        // Empty <ClientCertificate/> means: do not use pre-shared credentials.
                        com_obj<IXMLDOMNode> pXmlElClientCertificateOld;
                        hr = pXmlElClientSideCredential->removeChild(pXmlElClientCertificate, &pXmlElClientCertificateOld);
                    }
                } else {
                    // Nonexisting <ClientSideCredential> means: use blank pre-shared credentials.
                    com_obj<IXMLDOMElement> pXmlElClientCertificate;
                    hr = eapxml::create_element(pDoc, pXmlElClientSideCredential, bstr(L"eap-metadata:ClientCertificate"), bstr(L"ClientCertificate"), namespace_eapmetadata, &pXmlElClientCertificate);
                }
                // Fix 2: draft-winter-opsawg-eap-metadata is using <OuterIdentity> name for <UserName> when referring to outer identity of EAP-TTLS.
                // GÉANTLink is using <UserName> for identities and usernames uniformly. Create <UserName> and remove <OuterIdentity>.
                com_obj<IXMLDOMElement> pXmlElOuterIdentity;
                if (SUCCEEDED(hr = eapxml::select_element(pXmlElClientSideCredential, bstr(L"eap-metadata:OuterIdentity"), &pXmlElOuterIdentity))) {
                    bstr identity;
                    if (SUCCEEDED(hr = pXmlElOuterIdentity->get_text(&identity))) {
                        if (SUCCEEDED(hr = eapxml::put_element_value(pDoc, pXmlElClientSideCredential, bstr(L"UserName"), namespace_eapmetadata, identity))) {
                            com_obj<IXMLDOMNode> pXmlElClientCertificateOld;
                            hr = pXmlElClientSideCredential->removeChild(pXmlElOuterIdentity, &pXmlElClientCertificateOld);
                        }
                    }
                }
            }
        }
    }
    config_method_tls::load(pConfigRoot);
    std::wstring xpath(eapxml::get_xpath(pConfigRoot));
@@ -210,7 +282,9 @@ const wchar_t* eap::config_method_ttls::get_method_str() const
 eap::credentials* eap::config_method_ttls::make_credentials() const
 {
-    return new credentials_ttls(m_module);
+    credentials_ttls *cred = new credentials_ttls(m_module);
    cred->m_inner.reset(m_inner->make_credentials());
    return cred;
 }
@@ -227,14 +301,10 @@ eap::config_method_with_cred* eap::config_method_ttls::make_config_method(_In_ w
 eap::config_method_with_cred* eap::config_method_ttls::make_config_method(_In_ const wchar_t *eap_type) const
 {
-    if (_wcsicmp(eap_type, L"EAP-TLS") == 0)
+         if (_wcsicmp(eap_type, L"EAP-TLS" ) == 0) return new config_method_tls (m_module);
-        return new config_method_tls(m_module);
+    else if (_wcsicmp(eap_type, L"EAP-TTLS") == 0) return new config_method_ttls(m_module);
-    else if (_wcsicmp(eap_type, L"EAP-TTLS") == 0)
+    else if (_wcsicmp(eap_type, L"PAP"     ) == 0) return new config_method_pap (m_module);
-        return new config_method_ttls(m_module);
+    else                                           throw invalid_argument(__FUNCTION__ " Unsupported inner authentication method.");
    else if (_wcsicmp(eap_type, L"PAP") == 0)
        return new config_method_pap(m_module);
    else
        throw invalid_argument(__FUNCTION__ " Unsupported inner authentication method.");
 }
--- a/lib/TTLS/src/Credentials.cpp
+++ b/lib/TTLS/src/Credentials.cpp
@@ -96,18 +96,15 @@ void eap::credentials_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *p
    credentials_tls::save(pDoc, pConfigRoot);
    const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
    HRESULT hr;
    // <InnerAuthenticationMethod>
-    winstd::com_obj<IXMLDOMElement> pXmlElInnerAuthenticationMethod;
+    com_obj<IXMLDOMElement> pXmlElInnerAuthenticationMethod;
-    if (FAILED(hr = eapxml::create_element(pDoc, winstd::bstr(L"InnerAuthenticationMethod"), bstrNamespace, &pXmlElInnerAuthenticationMethod)))
+    if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:InnerAuthenticationMethod"), bstr(L"InnerAuthenticationMethod"), namespace_eapmetadata, &pXmlElInnerAuthenticationMethod)))
        throw com_runtime_error(hr, __FUNCTION__ " Error creating <InnerAuthenticationMethod> element.");
    // <InnerAuthenticationMethod>/...
    m_inner->save(pDoc, pXmlElInnerAuthenticationMethod);
    if (FAILED(hr = pConfigRoot->appendChild(pXmlElInnerAuthenticationMethod, NULL)))
        throw com_runtime_error(hr, __FUNCTION__ " Error appending <InnerAuthenticationMethod> element.");
 }
--- a/lib/TTLS/src/Module.cpp
+++ b/lib/TTLS/src/Module.cpp
@@ -77,97 +77,28 @@ void eap::peer_ttls::get_identity(
    config_connection cfg(*this);
    unpack(cfg, pConnectionData, dwConnectionDataSize);
-    // Get method configuration.
+    // Combine credentials.
-    if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty())
+    credentials_connection cred_out(*this, cfg);
-        throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods.");
+    const config_method_ttls *cfg_method = combine_credentials(dwFlags, cfg, pUserData, dwUserDataSize, cred_out, hTokenImpersonateUser);
    const config_provider &cfg_prov(cfg.m_providers.front());
    const config_method_ttls *cfg_method = dynamic_cast<const config_method_ttls*>(cfg_prov.m_methods.front().get());
    assert(cfg_method);
-#ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
+    if (cfg_method) {
-    // Unpack cached credentials.
+        // No UI will be necessary.
-    credentials_ttls cred_in(*this);
+        *pfInvokeUI = FALSE;
-    if (dwUserDataSize) {
+    } else {
-        cred_in.m_inner.reset(cfg_method->m_inner->make_credentials());
+        // Credentials missing or incomplete.
        unpack(cred_in, pUserData, dwUserDataSize);
    }
 #else
    UNREFERENCED_PARAMETER(pUserData);
    UNREFERENCED_PARAMETER(dwUserDataSize);
 #endif
    credentials_ttls cred_out(*this);
    cred_out.m_inner.reset(cfg_method->m_inner->make_credentials());
    // Assume no UI will be necessary.
    *pfInvokeUI = FALSE;
    {
        // Combine credentials. We could use eap::credentials_ttls() to do all the work, but we would not know which credentials is missing then.
        user_impersonator impersonating(hTokenImpersonateUser);
        // Combine outer credentials.
        LPCTSTR target_name = (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL;
        eap::credentials::source_t src_outer = cred_out.credentials_tls::combine(
 #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
            &cred_in,
 #else
            NULL,
 #endif
            *cfg_method,
            target_name);
        if (src_outer == eap::credentials::source_unknown) {
            log_event(&EAPMETHOD_TRACE_EVT_CRED_INVOKE_UI1, event_data((unsigned int)eap_type_tls), event_data::blank);
            *pfInvokeUI = TRUE;
        }
        // Combine inner credentials.
        eap::credentials::source_t src_inner = cred_out.m_inner->combine(
 #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
            cred_in.m_inner.get(),
 #else
            NULL,
 #endif
            *cfg_method->m_inner,
            target_name);
        if (src_inner == eap::credentials::source_unknown) {
            log_event(&EAPMETHOD_TRACE_EVT_CRED_INVOKE_UI1, event_data((unsigned int)cfg_method->m_inner->get_method_id()), event_data::blank);
            *pfInvokeUI = TRUE;
        }
    }
    // If either of credentials is unknown, request UI.
    if (*pfInvokeUI) {
        if ((dwFlags & EAP_FLAG_MACHINE_AUTH) == 0) {
-            // Per-user authentication
+            // Per-user authentication, request UI.
            log_event(&EAPMETHOD_TRACE_EVT_CRED_INVOKE_UI2, event_data::blank);
            *pfInvokeUI = TRUE;
            return;
        } else {
-            // Per-machine authentication
+            // Per-machine authentication, cannot use UI.
            throw win_runtime_error(ERROR_NO_SUCH_USER, __FUNCTION__ " Credentials for per-machine authentication not available.");
        }
    }
    // If we got here, we have all credentials we need. But, wait!
    if ((dwFlags & EAP_FLAG_MACHINE_AUTH) == 0) {
        if (cfg_method->m_auth_failed) {
            // Outer: Credentials failed on last connection attempt.
            log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)eap_type_tls), event_data::blank);
            *pfInvokeUI = TRUE;
            return;
        }
        if (cfg_method->m_inner->m_auth_failed) {
            // Inner: Credentials failed on last connection attempt.
            log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM, event_data((unsigned int)cfg_method->m_inner->get_method_id()), event_data::blank);
            *pfInvokeUI = TRUE;
            return;
        }
    }
    // Build our identity. ;)
-    wstring identity(std::move(cfg_method->get_public_identity(cred_out)));
+    wstring identity(std::move(cfg_method->get_public_identity((const credentials_ttls&)*cred_out.m_cred)));
    log_event(&EAPMETHOD_TRACE_EVT_CRED_OUTER_ID1, event_data((unsigned int)eap_type_ttls), event_data(identity), event_data::blank);
    size_t size = sizeof(WCHAR)*(identity.length() + 1);
    *ppwszIdentity = (WCHAR*)alloc_memory(size);
@@ -268,19 +199,26 @@ EAP_SESSION_HANDLE eap::peer_ttls::begin_session(
    // Unpack configuration.
    unpack(s->m_cfg, pConnectionData, dwConnectionDataSize);
    // Get method configuration.
    if (s->m_cfg.m_providers.empty() || s->m_cfg.m_providers.front().m_methods.empty())
        throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods.");
    config_provider &cfg_prov(s->m_cfg.m_providers.front());
    config_method_ttls *cfg_method = dynamic_cast<config_method_ttls*>(cfg_prov.m_methods.front().get());
    assert(cfg_method);
    // Unpack credentials.
    s->m_cred.m_inner.reset(cfg_method->m_inner->make_credentials());
    unpack(s->m_cred, pUserData, dwUserDataSize);
    config_method_ttls *cfg_method;
    for (config_connection::provider_list::iterator cfg_prov = s->m_cfg.m_providers.begin(), cfg_prov_end = s->m_cfg.m_providers.end();; ++cfg_prov) {
        if (cfg_prov != cfg_prov_end) {
            if (_wcsicmp(cfg_prov->m_id.c_str(), s->m_cred.m_id.c_str()) == 0) {
                // Matching provider found.
                if (cfg_prov->m_methods.empty())
                    throw invalid_argument(string_printf(__FUNCTION__ " %ls provider has no methods.", cfg_prov->m_id.c_str()).c_str());
                cfg_method = dynamic_cast<config_method_ttls*>(cfg_prov->m_methods.front().get());
                break;
            }
        } else
            throw invalid_argument(string_printf(__FUNCTION__ " Credentials do not match to any provider ID within this connection configuration (provider ID: %ls).", s->m_cred.m_id.c_str()).c_str());
    }
    // We have configuration, we have credentials, create method.
-    s->m_method.reset(new method_ttls(*this, *cfg_method, s->m_cred));
+    s->m_method.reset(new method_ttls(*this, *cfg_method, *(credentials_ttls*)s->m_cred.m_cred.get()));
    // Initialize method.
    s->m_method->begin_session(dwFlags, pAttributeArray, hTokenImpersonateUser, dwMaxSendPacketSize);
@@ -401,6 +339,95 @@ void eap::peer_ttls::set_response_attributes(
 }
 const eap::config_method_ttls* eap::peer_ttls::combine_credentials(
    _In_                             DWORD                   dwFlags,
    _In_                       const config_connection       &cfg,
    _In_count_(dwUserDataSize) const BYTE                    *pUserData,
    _In_                             DWORD                   dwUserDataSize,
    _Out_                            credentials_connection& cred_out,
    _In_                             HANDLE                  hTokenImpersonateUser)
 {
 #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
    // Unpack cached credentials.
    credentials_connection cred_in(*this, cfg);
    if (dwUserDataSize)
        unpack(cred_in, pUserData, dwUserDataSize);
 #else
    UNREFERENCED_PARAMETER(pUserData);
    UNREFERENCED_PARAMETER(dwUserDataSize);
 #endif
    user_impersonator impersonating(hTokenImpersonateUser);
    for (config_connection::provider_list::const_iterator cfg_prov = cfg.m_providers.cbegin(), cfg_prov_end = cfg.m_providers.cend(); cfg_prov != cfg_prov_end; ++cfg_prov) {
        // Get method configuration.
        if (cfg_prov->m_methods.empty()) {
            log_event(&EAPMETHOD_TRACE_EVT_CRED_NO_METHOD, event_data(cfg_prov->m_id), event_data::blank);
            continue;
        }
        const config_method_ttls *cfg_method = dynamic_cast<const config_method_ttls*>(cfg_prov->m_methods.front().get());
        assert(cfg_method);
        // Combine credentials. We could use eap::credentials_ttls() to do all the work, but we would not know which credentials is missing then.
        credentials_ttls *cred = (credentials_ttls*)cfg_method->make_credentials();
        cred_out.m_cred.reset(cred);
 #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
        bool is_own = cred_in.m_cred && _wcsicmp(cred_in.m_id.c_str(), cfg_prov->m_id.c_str()) == 0;
 #endif
        // Combine outer credentials.
        LPCTSTR target_name = (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov->m_id.c_str() : NULL;
        eap::credentials::source_t src_outer = cred->credentials_tls::combine(
 #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
            is_own ? cred_in.m_cred.get() : NULL,
 #else
            NULL,
 #endif
            *cfg_method,
            target_name);
        if (src_outer == eap::credentials::source_unknown) {
            log_event(&EAPMETHOD_TRACE_EVT_CRED_UNKNOWN3, event_data(cfg_prov->m_id), event_data((unsigned int)eap_type_tls), event_data::blank);
            continue;
        }
        // Combine inner credentials.
        eap::credentials::source_t src_inner = cred->m_inner->combine(
 #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
            is_own ? ((credentials_ttls*)cred_in.m_cred.get())->m_inner.get() : NULL,
 #else
            NULL,
 #endif
            *cfg_method->m_inner,
            target_name);
        if (src_inner == eap::credentials::source_unknown) {
            log_event(&EAPMETHOD_TRACE_EVT_CRED_UNKNOWN3, event_data(cfg_prov->m_id), event_data((unsigned int)cfg_method->m_inner->get_method_id()), event_data::blank);
            continue;
        }
        // If we got here, we have all credentials we need. But, wait!
        if ((dwFlags & EAP_FLAG_MACHINE_AUTH) == 0) {
            if (cfg_method->m_auth_failed) {
                // Outer: Credentials failed on last connection attempt.
                log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM1, event_data(cfg_prov->m_id), event_data((unsigned int)eap_type_tls), event_data::blank);
                continue;
            }
            if (cfg_method->m_inner->m_auth_failed) {
                // Inner: Credentials failed on last connection attempt.
                log_event(&EAPMETHOD_TRACE_EVT_CRED_PROBLEM1, event_data(cfg_prov->m_id), event_data((unsigned int)cfg_method->m_inner->get_method_id()), event_data::blank);
                continue;
            }
        }
        cred_out.m_id = cfg_prov->m_id;
        return cfg_method;
    }
    return NULL;
 }
 //////////////////////////////////////////////////////////////////////
 // eap::peer_ttls::session
 //////////////////////////////////////////////////////////////////////
@@ -408,7 +435,7 @@ void eap::peer_ttls::set_response_attributes(
 eap::peer_ttls::session::session(_In_ module &mod) :
    m_module(mod),
    m_cfg(mod),
-    m_cred(mod),
+    m_cred(mod, m_cfg),
    m_blob_cfg(NULL)
 #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
    , m_blob_cred(NULL)
--- a/lib/TTLS_UI/res/wxTTLS_UI.cpp
+++ b/lib/TTLS_UI/res/wxTTLS_UI.cpp
@@ -26,7 +26,7 @@ wxTTLSConfigPanelBase::wxTTLSConfigPanelBase( wxWindow* parent, wxWindowID id, c
 	sb_outer_identity_vert = new wxBoxSizer( wxVERTICAL );
 	m_outer_identity_label = new wxStaticText( sb_outer_identity->GetStaticBox(), wxID_ANY, _("Select the user ID supplicant introduces itself as to authenticator:"), wxDefaultPosition, wxDefaultSize, 0 );
-	m_outer_identity_label->Wrap( 446 );
+	m_outer_identity_label->Wrap( 445 );
 	sb_outer_identity_vert->Add( m_outer_identity_label, 0, wxALL|wxEXPAND, 5 );
 	wxBoxSizer* sb_outer_identity_radio;
--- a/lib/TTLS_UI/res/wxTTLS_UI.fbp
+++ b/lib/TTLS_UI/res/wxTTLS_UI.fbp
@@ -242,7 +242,7 @@
                                        <property name="window_extra_style"></property>
                                        <property name="window_name"></property>
                                        <property name="window_style"></property>
-                                        <property name="wrap">446</property>
+                                        <property name="wrap">445</property>
                                        <event name="OnChar"></event>
                                        <event name="OnEnterWindow"></event>
                                        <event name="OnEraseBackground"></event>
--- a/lib/TTLS_UI/src/Module.cpp
+++ b/lib/TTLS_UI/src/Module.cpp
@@ -23,6 +23,9 @@
 using namespace std;
 using namespace winstd;
 static wxCriticalSection s_lock;
 static unsigned long s_init_ref_count = 0;
 //////////////////////////////////////////////////////////////////////
 // wxInitializerPeer
@@ -102,26 +105,7 @@ void eap::peer_ttls_ui::invoke_config_ui(
        // Load existing configuration.
        unpack(cfg, pConnectionDataIn, dwConnectionDataInSize);
    } else {
-        // This is a blank network profile. Create default configuraton.
+        // This is a blank network profile. `cfg` is already set to defaults.
        // Inner configuration: PAP
        config_method_pap *cfg_method_inner = new config_method_pap(*this);
        cfg_method_inner->m_use_preshared = false;
        cfg_method_inner->m_preshared(new credentials_pap(*this));
        // Outer configuration
        unique_ptr<config_method_ttls> cfg_method(new config_method_ttls(*this));
        cfg_method->m_anonymous_identity = L"@";
        cfg_method->m_use_preshared = true;
        cfg_method->m_preshared.reset(new credentials_tls(*this));
        cfg_method->m_inner.reset(cfg_method_inner);
        // One method
        config_provider cfg_provider(*this);
        cfg_provider.m_methods.push_back(std::move(cfg_method));
        // One provider
        cfg.m_providers.push_back(std::move(cfg_provider));
    }
    int result;
@@ -170,51 +154,21 @@ void eap::peer_ttls_ui::invoke_identity_ui(
    config_connection cfg(*this);
    unpack(cfg, pConnectionData, dwConnectionDataSize);
    // Get method configuration.
    if (cfg.m_providers.empty() || cfg.m_providers.front().m_methods.empty())
        throw invalid_argument(__FUNCTION__ " Configuration has no providers and/or methods.");
    const config_provider &cfg_prov(cfg.m_providers.front());
    config_method_ttls *cfg_method = dynamic_cast<config_method_ttls*>(cfg_prov.m_methods.front().get());
    assert(cfg_method);
 #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
    // Unpack cached credentials.
-    credentials_ttls cred_in(*this);
+    credentials_connection cred_in(*this, cfg);
-    if (dwUserDataSize) {
+    if (dwUserDataSize)
        s->m_cred.m_inner.reset(cfg_method->m_inner->make_credentials());
        unpack(cred_in, pUserData, dwUserDataSize);
    }
 #else
    UNREFERENCED_PARAMETER(pUserData);
    UNREFERENCED_PARAMETER(dwUserDataSize);
 #endif
-    credentials_ttls cred_out(*this);
+    credentials_connection cred_out(*this, cfg);
-    cred_out.m_inner.reset(cfg_method->m_inner->make_credentials());
+    config_method_ttls *cfg_method = NULL;
-    // Combine credentials. Outer and inner separately to get the idea which one is missing.
+    vector<pair<config_method_ttls*, credentials_connection> > cred_method_store;
-    eap::credentials::source_t cred_source = cred_out.credentials_tls::combine(
+    cred_method_store.reserve(cfg.m_providers.size());
 #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
        &cred_in,
 #else
        NULL,
 #endif
        *cfg_method,
        (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL);
    eap::credentials::source_t cred_source_inner = cred_out.m_inner->combine(
 #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
        cred_in.m_inner.get(),
 #else
        NULL,
 #endif
        *cfg_method->m_inner,
        (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov.m_id.c_str() : NULL);
    if (dwFlags & EAP_FLAG_GUEST_ACCESS) {
        // Disable credential saving for guests.
        cfg_method->m_allow_save = false;
        cfg_method->m_inner->m_allow_save = false;
    }
    int result;
    {
@@ -228,39 +182,110 @@ void eap::peer_ttls_ui::invoke_identity_ui(
            parent.AdoptAttributesFromHWND();
            wxTopLevelWindows.Append(&parent);
-            // Create credentials dialog.
+            // Create credentials dialog and populate it with providers.
-            wxEAPCredentialsDialog dlg(cfg_prov, &parent);
+            bool combined = false;
-            wxTTLSCredentialsPanel *panel = new wxTTLSCredentialsPanel(cfg_prov, *cfg_method, cred_out, cfg_prov.m_id.c_str(), &dlg);
+            wxEAPCredentialsConnectionDialog dlg(&parent);
-            dlg.AddContent(panel);
+            for (config_connection::provider_list::iterator cfg_prov = cfg.m_providers.begin(), cfg_prov_end = cfg.m_providers.end(); cfg_prov != cfg_prov_end; ++cfg_prov) {
                // Get method configuration.
                if (cfg_prov->m_methods.empty()) {
                    log_event(&EAPMETHOD_TRACE_EVT_CRED_NO_METHOD, event_data(cfg_prov->m_id), event_data::blank);
                    continue;
                }
                config_method_ttls *cfg_method = dynamic_cast<config_method_ttls*>(cfg_prov->m_methods.front().get());
                assert(cfg_method);
-            // Set "Remember" checkboxes according to credential source,
+                // Prepare new set of credentials for given provider.
-            panel->m_outer_cred->SetRemember(cred_source == eap::credentials::source_storage);
+                credentials_connection cred_method(*this, cfg);
-            panel->m_inner_cred->SetRemember(cred_source_inner == eap::credentials::source_storage);
+                cred_method.m_id = cfg_prov->m_id;
                credentials_ttls *_cred_method = (credentials_ttls*)cfg_method->make_credentials();
                cred_method.m_cred.reset(_cred_method);
 #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
                bool is_own = cred_in.m_cred && _wcsicmp(cred_in.m_id.c_str(), cfg_prov->m_id.c_str()) == 0;
 #endif
                // Combine outer credentials.
                LPCTSTR target_name = (dwFlags & EAP_FLAG_GUEST_ACCESS) == 0 ? cfg_prov->m_id.c_str() : NULL;
                eap::credentials::source_t src_outer = _cred_method->credentials_tls::combine(
 #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
                    is_own ? cred_in.m_cred.get() : NULL,
 #else
                    NULL,
 #endif
                    *cfg_method,
                    target_name);
                // Combine inner credentials.
                eap::credentials::source_t src_inner = _cred_method->m_inner->combine(
 #ifdef EAP_USE_NATIVE_CREDENTIAL_CACHE
                    is_own ? ((credentials_ttls*)cred_in.m_cred.get())->m_inner.get() : NULL,
 #else
                    NULL,
 #endif
                    *cfg_method->m_inner,
                    target_name);
                if (dwFlags & EAP_FLAG_GUEST_ACCESS) {
                    // Disable credential saving for guests.
                    cfg_method->m_allow_save = false;
                    cfg_method->m_inner->m_allow_save = false;
                }
                // Create method credentials panel.
                wxTTLSCredentialsPanel *panel = new wxTTLSCredentialsPanel(*cfg_prov, *cfg_method, *_cred_method, cfg_prov->m_id.c_str(), dlg.m_providers);
                // Set "Remember" checkboxes according to credential source,
                panel->m_outer_cred->SetRemember(src_outer == eap::credentials::source_storage);
                panel->m_inner_cred->SetRemember(src_inner == eap::credentials::source_storage);
                // Add panel to choice-book. Select the first one to have known sources.
                if (!combined && src_outer != eap::credentials::source_unknown && src_inner != eap::credentials::source_unknown) {
                    if (dlg.m_providers->AddPage(panel, wxEAPGetProviderName(cfg_prov->m_name), true)) {
                        cred_method_store.push_back(pair<config_method_ttls*, credentials_connection>(cfg_method, std::move(cred_method)));
                        combined = true;
                    }
                } else
                    if (dlg.m_providers->AddPage(panel, wxEAPGetProviderName(cfg_prov->m_name), false))
                        cred_method_store.push_back(pair<config_method_ttls*, credentials_connection>(cfg_method, std::move(cred_method)));
            }
            // Update dialog layout.
            dlg.Layout();
            dlg.GetSizer()->Fit(&dlg);
            // Centre and display dialog.
            dlg.Centre(wxBOTH);
            result = dlg.ShowModal();
            if (result == wxID_OK) {
-                // Write credentials to credential manager.
+                int idx_prov = dlg.m_providers->GetSelection();
-                if (panel->m_outer_cred->GetRemember()) {
+                if (idx_prov != wxNOT_FOUND) {
-                    try {
+                    wxTTLSCredentialsPanel *panel = dynamic_cast<wxTTLSCredentialsPanel*>(dlg.m_providers->GetPage(idx_prov));
-                        cred_out.credentials_tls::store(cfg_prov.m_id.c_str());
+                    pair<config_method_ttls*, credentials_connection> &res = cred_method_store[idx_prov];
-                    } catch (winstd::win_runtime_error &err) {
+                    cfg_method = res.first;
-                        wxLogError(winstd::tstring_printf(_("Error writing credentials to Credential Manager: %hs (error %u)"), err.what(), err.number()).c_str());
+                    cred_out = res.second;
-                    } catch (...) {
+                    credentials_ttls *_cred_out = dynamic_cast<credentials_ttls*>(cred_out.m_cred.get());
                        wxLogError(_("Writing credentials failed."));
                    }
                }
-                if (panel->m_inner_cred->GetRemember()) {
+                    // Write credentials to credential manager.
-                    try {
+                    if (panel->m_outer_cred->GetRemember()) {
-                        cred_out.m_inner->store(cfg_prov.m_id.c_str());
+                        try {
-                    } catch (winstd::win_runtime_error &err) {
+                            _cred_out->credentials_tls::store(cred_out.m_id.c_str());
-                        wxLogError(winstd::tstring_printf(_("Error writing credentials to Credential Manager: %hs (error %u)"), err.what(), err.number()).c_str());
+                        } catch (winstd::win_runtime_error &err) {
-                    } catch (...) {
+                            wxLogError(winstd::tstring_printf(_("Error writing credentials to Credential Manager: %hs (error %u)"), err.what(), err.number()).c_str());
-                        wxLogError(_("Writing credentials failed."));
+                        } catch (...) {
                            wxLogError(_("Writing credentials failed."));
                        }
                    }
-                }
+
                    if (panel->m_inner_cred->GetRemember()) {
                        try {
                            _cred_out->m_inner->store(cred_out.m_id.c_str());
                        } catch (winstd::win_runtime_error &err) {
                            wxLogError(winstd::tstring_printf(_("Error writing credentials to Credential Manager: %hs (error %u)"), err.what(), err.number()).c_str());
                        } catch (...) {
                            wxLogError(_("Writing credentials failed."));
                        }
                    }
                } else
                    result = wxID_CANCEL;
            }
            wxTopLevelWindows.DeleteObject(&parent);
@@ -272,7 +297,7 @@ void eap::peer_ttls_ui::invoke_identity_ui(
        throw win_runtime_error(ERROR_CANCELLED, __FUNCTION__ " Cancelled.");
    // Build our identity. ;)
-    wstring identity(move(cfg_method->get_public_identity(cred_out)));
+    wstring identity(std::move(cfg_method->get_public_identity((const credentials_ttls&)*cred_out.m_cred)));
    log_event(&EAPMETHOD_TRACE_EVT_CRED_OUTER_ID1, event_data((unsigned int)eap_type_ttls), event_data(identity), event_data::blank);
    size_t size = sizeof(WCHAR)*(identity.length() + 1);
    *ppwszIdentity = (WCHAR*)alloc_memory(size);
@@ -306,6 +331,10 @@ void eap::peer_ttls_ui::invoke_interactive_ui(
 wxInitializerPeer::wxInitializerPeer(_In_ HINSTANCE instance)
 {
    wxCriticalSectionLocker locker(s_lock);
    if (s_init_ref_count++)
        return;
    // Initialize application.
    new wxApp();
    wxEntryStart(instance);
@@ -321,5 +350,9 @@ wxInitializerPeer::wxInitializerPeer(_In_ HINSTANCE instance)
 wxInitializerPeer::~wxInitializerPeer()
 {
    wxCriticalSectionLocker locker(s_lock);
    if (--s_init_ref_count)
        return;
    wxEntryCleanup();
 }
--- a/lib/TTLS_UI/src/StdAfx.h
+++ b/lib/TTLS_UI/src/StdAfx.h
@@ -28,3 +28,4 @@
 #include "../../PAP_UI/include/PAP_UI.h"
 #include <wx/app.h>
 #include <wx/thread.h>
--- a/lib/WinStd
+++ b/lib/WinStd
Author	SHA1	Message	Date
Simon Rozman	2339b6b347	Version set to 1.0-alpha16	2016-08-31 18:40:45 +02:00
Simon Rozman	171e924dcf	Estimated flag to enable TLS 1.3 once available added	2016-08-31 18:40:28 +02:00
Simon Rozman	281c3ee083	Schannel tweaked to support TLS 1.2 now (closes #16)	2016-08-31 18:13:24 +02:00
Simon Rozman	145c21682e	Support for configuring provider ID using GUI added	2016-08-31 17:41:22 +02:00
Simon Rozman	0d221d4401	wxWidgets initialization reference counter introduced to prevent second initialization, as we recorded a case where EapHost called our GUI twice in the same DllHost.exe process.	2016-08-31 17:13:59 +02:00
Simon Rozman	d9bfcc3e49	Credential identities are more carefully prepared for display now	2016-08-31 16:50:12 +02:00
Simon Rozman	60f1b4ccfb	Pre&post-processing of XML configuration introduced to allow draft-winter-opsawg-eap-metadata-02 compliant XML profiles on the outside, while maintaining internal simplicity	2016-08-31 16:33:19 +02:00
Simon Rozman	c9be6f4f7b	Support for multiple identity providers of draft-winter-opsawg-eap-metadata XML configuration added	2016-08-31 14:39:27 +02:00
Simon Rozman	452fa4b9dc	Inserting single-occurrence XML elements with children simplified	2016-08-31 09:48:11 +02:00
Simon Rozman	68aec5dfb4	Namespace name is static member now	2016-08-31 08:43:03 +02:00
Simon Rozman	3f49f3e975	Event Monitor shortcut description dropped as it will not be localized	2016-08-31 02:53:19 +02:00
Simon Rozman	04213715b0	UI texts updated	2016-08-31 01:25:44 +02:00
Simon Rozman	510bbe10f6	Template for creating XML configuration simplified	2016-08-31 00:41:16 +02:00
Simon Rozman	5dfd079686	Support for multi-provider management added to GUI	2016-08-31 00:36:19 +02:00
Simon Rozman	858486412e	Confusion between provider ID and provider name resolved	2016-08-30 21:10:10 +02:00
Simon Rozman	8b266f086f	Code clean-up	2016-08-30 17:44:21 +02:00
Simon Rozman	c40306c624	<Error getting property (error 13)> issue with log parameters solved	2016-08-30 17:43:56 +02:00