Are you talking about web ressources or what, that is authenticated against AD?
Just activate two authentications on your realm, i.e. 1. 2-factor, 2. AD.
The post the Username + Password (username and password) to the ressources, authenticating against AD.
Thanks for the reply! It's primarily Citrix and OWA that we need to authenticate to although there are several others.
We are, as you suggest, 'stacking' the authentications for some of our clients so that on the login page they are asked for both sets and doing SSO that way. The unfortunate thing for me is we have a different portal product installed (that we're trying to replace with the IVE) that has it's own password store that can be written to. Which we are with a password synchronization utility. With this set up users are only asked for the 2 factor username and passcode and the portal then looks up the other stuff and passes it to the downstream app. So, regardless of what functionality I add with the IVE I'm taking away that piece of functionality which seems to be much loved and too costly for some to make the change.
Thanks for the reply!
We've got an SBR server for other reasons that is doing SecurID authentication as well. I can leverage that if required and I did see the LDAP/SQL scripting documentation and thought that that might help us.
I'm curious about your set up though... Do you have the AD credentials stored in the SQL Database on the SBR server or will SBR somehow get the credentials from AD? Are you then handing back the credentials to the IVE as a return attribute from the RADIUS auth? I'm very interested to hear what you've got set up.
I'm confident if I can get the credentials in the IVE as a variable then I can pass that to any resource I want. My struggle is finding a way to get the password there without the client putting it there themselves. I also don't want to be storing the password somewhere in such a form as to put those credentials at risk. Even though we understand that just by the mere ability for them to looked up by something that risk is already increased.