Solving problems - Problem 1

I'm going to try an experiment here. I'll dump a series of problems, all based on actual problems the team had to deal with, and see your solutions to them. Use the Contact page to send the solution. The best solution will be posted at the end of the week.
If this works out, each Monday I'll post a new problem.

Problem 1: Security is tight

After a two months recon phase where you surveilled your target from different locations during the night and day, and where you scanned their public facing digital precense including social networks, forums, etc, you can't find a suitable way in. They are very efficient in their security.

On the physical side, they have well trained security personnel that work in pairs both on static positions and as a roaming patrol. They have motion sensors that activate light and cameras and alert them in real time. The gates are not only kept safe by a guard but a badge with a keycode is required to enter the building and any other room.
On the digital side, their archtecture is well designed, with a very simple DMZ that hosts a simple web server that has been hardened for security and guarded by a firewall and an IPS, a middle network that is guarded also by a firewall and IPS that allows ONLY an SSL connection from the web server on the DMZ into a web service that authenticates the connection. That token used to authenticate the connection is a single-use one and done in a way that performing a session replay is almost impossible. In the middle network you also have several other service servers that are not accessible from the Internet. Finally an internal network that has been segmented in zones. Each one guarded by a very paranoid set of rules on the firewalls. There is no way in and even if it was it would be a bitch to find a way to exfiltrate data.

What is the weak point and how do we exploit it.

Go!