What I'm trying to accomplish:
Self-registration page with sponsor verification before activating the guest account.
Since it can be hard for the guest to remember the exact spelling of the sponsor's name/email address, I thought I'd simply add a drop-down list where the guest simply selects the department he wants to visit.
In this drop-down list the department name is linked to the department's email address, which is a distribution list, so that the entire department receives the request and could OK the sponsor request by logging in with their AD credentials.
a) First, I would have expected that the policy manager default service [Policy Manager Admin Network Login Service] would be able to handle these sponsor logons with its "Connection - NAD-IP-Address - EQUALS - 127.0.0.1" service rule. It isn't.
So I created an application service which checks for an AD group and returns an application accept enforcement profile.
Access tracker shows this as an accept, but the sponsor is still unable to log on. The sponsor himself sees a "user or password error" being returned.
I cut down on the process by entering a fixed sponsor email address into the respective form, but this does not help me get any further.
Anybody got a clue why my sponsors are being denied even though access tracker sees the application accept?