UAG: how to ‘embed’ into DCA?
-
I have to find a solution (if it exists in principle) for the following problem. I have a network with UAG DirectAccess SP1 RC installed. Configuration of the network corresponds to one described on http://www.microsoft.com/download/en/details.aspx?id=17146. I use ‘two-factor authentication’ with an external RADIUS server. The problem is: the RADIUS-сервер works differently than UAG expects. I cannot change behavior of the RADIUS-server. So I have found a workaround. The workaround will require to change behavior of DirectAccess Connectivity Assistant (DCA) software. Usual DCA behavior is: 1. An end-user wants to open, say, a file sharing 2. DCA shows pop-up window One-Time Password (OTP) Authentication that asks for OTP Credentials To have this my workaround solution working I need to change the sequence as the following: 1. An end-user wants to open, say, a file sharing 2. The client computer silently sends an authentication request to the RADIUS-server. The request uses name of the current user and a ‘fake’ OTP (say, ‘111111’). No pop-up window is shown for and-user yet. 3. The RADIUS server generates OTP and sends it to the user as SMS (by phone); and refuses the authentication request 4. The client (after its authentication request was refused) shows pop-up window for end-user. This may a pop-up implemented by my code; or the standard DCA pop-up. In this window the user is asked about the OTP he has just received in the SMS. If this will be the standard DCA pop-up, I would like it: — to have Usrename field disabled (the end-user should enter nothing on this stage), and only Passcode field enabled — to have my own text instead of standard ‘Authentication failed’ text Do not ask me who invented this workaround :-) The thing important for me now is: is such solution possible in principle?: Can I ‘embed into’ the DCA on client PC to change its behavior as I need? Does DCA allow changing of its behavior (customizing)? Does it allow to plug in some my module etc?