[THIN] Re: Web Interface - login process

  • From: "Andrew Wood" <andrew.wood@xxxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Mon, 25 Feb 2008 13:04:38 -0000

I think the link is wrapped, Angela -

Try this:

http://tinyurl.com/2mfl74

And if that doesn't work, search in Google for
SecuringMonitoringNetworkTrafficwithinCAS_Final_v2


From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Angela Smith
Sent: 25 February 2008 11:48
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Web Interface - login process

 

Hi Andrew

Thanks for the reply.  The link to the ppt file doesn't seem to work.  Do
you have another link to it?

Thanks
Angela

> From: andrew.wood@xxxxxxxxxxxxxxxx
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Web Interface - login process
> Date: Mon, 25 Feb 2008 11:21:30 +0000
> 
> You don't need to open up ports from the WI server to AD to perform
> authentication. The WI server doesn't do user authentication - there's a
> slidedeck here -
> www.citrixevents.com/.../dynamic/presentations/3105%20SecuringMonitoringNetworkTrafficwithinCAS_Final_v2.ppt
> that gives a graphical view of the authentication process.
> 
> User credentials are passed from the WI server to the IMA Service running on
> your Citrix servers via the XML Broker in order for the IMA service to
> authenticate the user and get their list of available applications. When the
> user wants to launch a published app, the user's ica file is populated with
> their ticket information (obtained from an STA) which allows them to log on.
> 
> 
> So, technically - you *could* just use 80 and 1494, although if you want to
> use session reliability you'll need to add in 2598.
> 
> Obviously, that's not very secure. 
> 
> Ideally you've enabled https for the page submitting the user's credentials
> (otherwise your network passwords are wandering over the internet in plain
> sight), and you're at least encrypting the XML service from the WI to the
> Citrix servers by using https.
> 
> Raw and out of the box, once the user launches an app they are communicating
> with the Citrix server on 1494 (by default); it's 1494 from the client to the
> Citrix server(s) for all the Citrix clients, including Java. 1494 might not
> be open at the client end, and isn't encrypted either: a straightforward way
> to secure that communication would be to have CSG to secure ICA
> communication to the user by encapsulating it in an SSL tunnel.
> 
> There is a useful TCP port check document on Doug Brown's site -
> http://www.dabcc.com/article.aspx?id=1755
> 
> Hth.
> 
> 
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
> Of Angela Smith
> Sent: 25 February 2008 09:18
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Web Interface - login process
> 
> 
> Hi
> 
> I've been tasked to document the Web Interface communication in our
> environment and the ports that need to be opened between our DMZ and
> internal network. I'm looking at installing a Web Interface in our DMZ which
> will access our Citrix Farm on the internal network. I need the Web
> Interface to authenticate against Active Directory. This is what I've got so
> far and I was hoping someone could crosscheck or point me in the right
> direction.
> 
> 1) Client - Web Interface - Port 80
> 2) Web Interface - Active Directory (AD on internal network) - not sure what
> AD ports need to be opened
> 3) Active Directory - Web Interface
> 4) Web Interface - Zone Data Collector - Port 80
> 5) Zone Data Collector - Web Interface - Port 80
> 6) Web Interface - Client - Port 80
> 
> User launches Published App
> 7) Client - Web Interface - Port 80
> 8) Web Interface - Client - Port 80
> 8) Client - Citrix Presentation Server - Port 1494
> 
> 
> A few questions:
> 
> 1) Is the above correct?
> 2) When a user launches a Published App, is the client talking 1494 direct
> to the Citrix Presentation Server? Is the communication going through the
> Web Interface or is it direct from client to the Citrix Server? Therefore
> does 1494 need to be open to the client or is it 1494 from Web Interface to
> Citrix server only?
> 3) If the client is using JAVA does this still talk 1494 direct to the
> Citrix Farm or is it a different port?
> 
> I'm trying to document the above login process and would appreciate any
> assistance or direction.
> 
> Thanks
> Angela
> ************************************************
> For Archives, RSS, to Unsubscribe, Subscribe or 
> set Digest or Vacation mode use the below link:
> //www.freelists.org/list/thin
> ************************************************
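
An added example, not part of the thread or any poster's code: it parses the draft port list from the original question and audits it against the flows the reply describes (80 to WI, 80 to the XML Broker, 1494 to the Citrix servers, 2598 for session reliability). The short zone labels, treating the question's "Zone Data Collector" as the XML Broker host, and treating a reversed flow as a stateful return path are assumptions of this sketch.

```python
import re

# Endpoint names as written in the thread -> short zone labels (labels are this example's own;
# "Zone Data Collector" is assumed to be the host running the XML Broker).
ZONES = {"client": "client", "web interface": "wi", "active directory": "ad",
         "zone data collector": "xml", "citrix presentation server": "citrix"}
RULE = re.compile(r"^\s*\d+\)\s*(.+?)\s+-\s+(.+?)(?:\s+-\s+Port\s+(\d+))?\s*$", re.I)
# Flows the reply says are sufficient, each with the hardening step it names.
NEEDED = {("client", "wi", 80): "serve the logon page over https",
          ("wi", "xml", 80): "encrypt the XML service with https",
          ("client", "citrix", 1494): "tunnel ICA through CSG (SSL)"}
SESSION_RELIABILITY = ("client", "citrix", 2598)

def zone(text):
    low = text.lower()
    return next((z for name, z in ZONES.items() if low.startswith(name)), None)

def parse(draft):
    """Turn 'N) Src - Dst - Port P' lines into (src, dst, port); port is None if not given."""
    flows = set()
    for line in draft.splitlines():
        m = RULE.match(line)
        if m and zone(m[1]) and zone(m[2]):
            flows.add((zone(m[1]), zone(m[2]), int(m[3]) if m[3] else None))
    return flows

def audit(draft, session_reliability=False):
    flows = parse(draft)
    needed = set(NEEDED) | ({SESSION_RELIABILITY} if session_reliability else set())
    findings = [("missing", f) for f in sorted(needed - flows)]
    for f in sorted(flows, key=str):
        if "ad" in f[:2]:
            findings.append(("unneeded", f))   # WI does not authenticate users itself
        elif f in NEEDED:
            findings.append(("plaintext", f))  # remedy is NEEDED[f]
        elif f not in needed and (f[1], f[0], f[2]) not in needed:
            findings.append(("review", f))     # neither a named flow nor its return path
    return findings

# The draft list from the original question, line wraps rejoined.
DRAFT = """1) Client - Web Interface - Port 80
2) Web Interface - Active Directory (AD on internal network) - not sure what AD ports need to be opened
3) Active Directory - Web Interface
4) Web Interface - Zone Data Collector - Port 80
5) Zone Data Collector - Web Interface - Port 80
6) Web Interface - Client - Port 80
7) Client - Web Interface - Port 80
8) Web Interface - Client - Port 80
8) Client - Citrix Presentation Server - Port 1494"""
print(*audit(DRAFT, session_reliability=True), sep="\n")
```
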
