We have an ACS 4.3.2 installed with users authenticating against an Active Directory database. The AD database not only authenticates the users but also assigns the group that is used to select the IP address pool.
Now the requirements require us to use token authentication with SafeNet. This authentication uses the same username, but the password is composed of the original password + OTP.
The problem is that the SafeNet server doesn't return the group membership.
I've read about the Identity Store Sequence in ACS 5.x and I think I could use it in the following sequence:
I configure an Authentication Sequence using the SafeNet token server (this works with ACS 4.x)
I configure an Attribute Retrieval Sequence against the AD database. This would use the username only, no password, and would retrieve the group membership.
Would this work?
Thanks in advance.