Hi,
I am working on a concept for remote access where the authentication source will be AD, however, I am looking at having an additional source of information (SQL server) where there will so-called work-permits stored, with status approved or not.
I was wondering if anyone has a tip on how i would go about having a splash page where the user would have to authenticate with AD password, + the option to enter a work permit number that would be matched towards a database. If the work permit it either not approved, or has a time frame set that doesnt match the time the user is trying to logon, the authentication should not go through.
scenario:
User A logs onto a terminal server in a DMZ. From there he will start a new RDP session, web session og similar to host on the inside of a production firewall. Once he tries to access this host, there should be a proxy diversion to a splash page where he must authenticate again, + enter his work permit#. Clearpass should then check realtime in the SQL database if that workpermit is ready or not (by status or time frame).
Hope this makes sense, appreciate any feedback!