SAE support is broadcast in the beacon frame and probe response by the access point in the RSN information element.

The Wi-Fi station can decide whether it wishes to connect to the access point by inspecting the beacon and probe response frames. If the station supports SAE as well, it sends the 802.11 Authentication SAE commit message to the access point.

As can be seen in the commit message above, the Diffie-Hellman group used is group 19. The commit-scalar and the commit-element (Finite Field Element) are sent by the station to the access point. The access point responds to the Wi-Fi station with its own commit-scalar and commit-element as shown below:

As can be seen in the confirm messages sent by the access point and the Wi-Fi station, the Password Element is not shared between the AP and the station in the messages exchanged. The Wi-Fi station computes the relevant secret key, composes the confirm message and sends it to the access point, and vice versa. This is shown below:


If both the access point and the Wi-Fi station successfully verify the confirm value, they have generated a Pairwise Master Key (PMK) unique to this access point/Wi-Fi station connection. The station can now send the association request frame to the access point, and the access point sends back the association response frame. The Wi-Fi station and access point then engage in the 4-way handshake to derive the temporal keys for the connection session.

NOTE: In WPA3-SAE personal, Protected Management Frame (802.11w Management frame protection) support is mandated and enforced.
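
To check what an access point actually advertises (SAE in the RSN information element, and the management frame protection bits from the note above), the following added example, which is not part of the original post, parses a raw RSN element in Python. The two sample elements are constructed for illustration, and the parser assumes the element carries every field up to RSN Capabilities.

```python
import struct

RSN_OUI = b"\x00\x0f\xac"
# AKM suite types under OUI 00-0F-AC (IEEE 802.11)
AKM_NAMES = {2: "PSK", 6: "PSK-SHA256", 8: "SAE", 9: "FT-SAE"}

# Constructed samples: element ID 48, length, then the RSN fields (little-endian)
WPA3_ONLY_IE = bytes.fromhex("30140100000fac040100000fac040100000fac08c000")
TRANSITION_IE = bytes.fromhex("30180100000fac040100000fac040200000fac02000fac088000")

def parse_rsn_ie(ie: bytes) -> dict:
    """Report the AKM suites and PMF bits advertised in one RSN element."""
    if len(ie) < 2 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body, off = ie[2:], 0

    def take(n: int) -> bytes:
        nonlocal off
        if off + n > len(body):
            raise ValueError("truncated RSN element")
        chunk = body[off:off + n]
        off += n
        return chunk

    version = struct.unpack("<H", take(2))[0]
    take(4)                                        # group data cipher suite
    take(4 * struct.unpack("<H", take(2))[0])      # pairwise cipher suite list
    akms = []
    for _ in range(struct.unpack("<H", take(2))[0]):
        suite = take(4)
        if suite[:3] == RSN_OUI:
            akms.append(AKM_NAMES.get(suite[3], f"type-{suite[3]}"))
        else:
            akms.append(suite.hex())               # vendor-specific AKM
    caps = struct.unpack("<H", take(2))[0]         # RSN Capabilities
    mfp_required = bool(caps & 0x0040)             # MFPR, bit 6
    mfp_capable = bool(caps & 0x0080)              # MFPC, bit 7
    sae = any(a in ("SAE", "FT-SAE") for a in akms)
    psk = any(a in ("PSK", "PSK-SHA256") for a in akms)
    return {"version": version, "akms": akms, "sae": sae,
            "mfp_required": mfp_required, "mfp_capable": mfp_capable,
            # SAE offered, no PSK fallback, and PMF enforced
            "wpa3_only": sae and not psk and mfp_required}

if __name__ == "__main__":
    for label, ie in (("WPA3-only", WPA3_ONLY_IE), ("transition", TRANSITION_IE)):
        print(label, parse_rsn_ie(ie))
```

An element that lists PSK alongside SAE, or that sets only the capable bit, indicates a transition-mode network where stations can still join with WPA2-PSK and without enforced management frame protection.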