We have an SA4500 using AD as the authentication server. Any ideas on an easy way to implement a web form that would manage reservations, then during a reserved time grant access to additional resources?
When you say "during a reserved time grant access to additional resources", does this mean:
1) User is already logged into IVE and will get more resources during the reserved time?
2) Or is it grant access to the IVE login itself?
In a perfect world:
The user would log in and get access to a set of resources (a) and, if they had reserved a session, also get access to an additional resource set (b). If a & b are assigned only on login, that is not an issue.
I'm more focused on the backend process. My original thought was to use an additional AD group to grant additional (b) resources, but was told by our programmer that this was not acceptable. Manipulation of AD group by access to a web resource would not be prudent. I'm looking for other methods to accomplish the task.
I would change your AD to use LDAP; this would give you the ability to set role membership based on an LDAP field other than 'group'. This LDAP field would be modified by an external application. If you have policy evaluation enabled, a login/logout would not be required to auto-update roles, but would be limited/restricted to the update interval for the Realm.
I assume what you require is to only expose the bookmarks while a user is a member of a specific role to which they're mapped if a specific LDAP field is set.
I'm not, yet, an LDAP role mapping expert, so you'll have to look elsewhere for implementation specifics, if your programmer approves.
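Added example (not part of the thread, and not the posters' or the vendor's code): a sketch of the "external application" side of the suggestion above, which turns a reservation table into LDIF modify records that set or clear one LDAP field. The attribute name `reservedAccess`, the DNs and the reservation data are assumptions made up for illustration; DNs are validated because they reach LDIF from a web form.

```python
from datetime import datetime, timezone

ATTR = "reservedAccess"  # hypothetical attribute name, not from the thread

def check_dn(dn):
    """Allow printable ASCII only (within RFC 2849 SAFE-STRING); blocks injected lines."""
    if not dn or dn[0] in " :<" or any(not (32 <= ord(c) < 127) for c in dn):
        raise ValueError(f"unsafe DN for plain LDIF: {dn!r}")
    return dn

def active_users(reservations, now):
    """DNs whose reservation window [start, end) contains `now`."""
    return {check_dn(r["dn"]) for r in reservations if r["start"] <= now < r["end"]}

def ldif_changes(reservations, flagged, now):
    """LDIF modify records that make ATTR match the reservations at `now`.

    flagged: DNs that currently carry ATTR (result of an LDAP search).
    Only DNs whose state must change get a record, so repeated runs are no-ops.
    """
    want = active_users(reservations, now)
    out = []
    for dn in sorted(want - flagged):   # window opened: set the flag
        out.append(f"dn: {dn}\nchangetype: modify\nreplace: {ATTR}\n{ATTR}: TRUE\n-\n")
    for dn in sorted(flagged - want):   # window closed: remove the flag
        out.append(f"dn: {check_dn(dn)}\nchangetype: modify\ndelete: {ATTR}\n-\n")
    return out

# Constructed sample data (users, DNs and times are made up for illustration)
def at(hour):
    return datetime(2024, 1, 15, hour, tzinfo=timezone.utc)

BASE = "OU=Staff,DC=example,DC=com"
SAMPLE = [
    {"dn": f"CN=alice,{BASE}", "start": at(10), "end": at(11)},
    {"dn": f"CN=bob,{BASE}", "start": at(12), "end": at(13)},
]

if __name__ == "__main__":
    # carol's flag is left over from an earlier reservation and must be cleared
    print("\n".join(ldif_changes(SAMPLE, {f"CN=carol,{BASE}"}, at(10))))
```

Run on a schedule, the output can be applied by an account that has write access to that one attribute only, which keeps the web form away from AD group membership.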