[THIN] Re: Web Interface - login process

  • From: "Rick Mack" <ulrich.mack@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Tue, 26 Feb 2008 20:13:51 +1000

Hi Angela,

I'd again recommend you read the WI SDK documentation, in particular
concerning the Authentication Sequence. This will give you a much better
understanding of how WI handles authentication.

In a nutshell, WI extracts the login credentials from the login page, and
uses the WebPN method checkAcessToken to contact the XML service on what
you've termed the XML broker to verify if the credentials are valid. As far
as AD authentication goes, that happens from the Citrix server being used as
the XML "broker".

The XML "broker" can be any one of the Citrix servers that you have added to
the Farm list in the WI configuration. WI will use the first server on the
list, which is optimally your zone data collector. There is nothing special
about the XML broker; it is simply whichever Citrix server happens to
be used by WI at that time.

Unless you're going to put your Citrix servers into the DMZ as well, the
ports used for authentication really don't matter all that much.
Nevertheless, just out of interest, the ports that could be used for
authentication alone in a 2003 native AD are:

   - TCP/UDP 88 : Kerberos V
   - TCP/UDP 53 : DNS - find DC
   - TCP/UDP 389 : LDAP

This is ignoring the ports for RPC endpoint (TCP 135), netbios/SMB (TCP
139/445), and the fact you might be using RSA or Safeword token
authentication which will require additional ports opened for WI to talk
either to the ACE server or AD.

regards,

Rick

Ulrich Mack
www.commander.com (until the end of this week)

On 2/26/08, Angela Smith <angela_smith9@xxxxxxxxxxx> wrote:

>
> Hi
>
> I'm still trying to work out what ports get used during Citrix logon.
> I've attached a PowerPoint slide that shows the main
> communication flow.  I have a few questions I was hoping you could assist
> with:
>
>
> 1) How do I determine what server is the XML Broker?
>
> 2) What ports does the XML Broker use to talk to:
>        - Active Directory
>        - Licensing Server (27000 I'm assuming)
>        - Data Collector
>        - Least Loaded Server
>        - Client
>
> Our Web Interface does not have a certificate so all communication
> internally is on Port 80.  Does Port 80 get used for all communication from
> the XML Broker?  Can anyone let me know what ports are used in question 2?
>
> Thanks
> Angela
>
>
>
