[THIN] Re: Web Interface - login process

  • From: Angela Smith <angela_smith9@xxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Tue, 26 Feb 2008 21:31:18 +1100

Hi Rick



I actually did read the SDK documentation but unfortunately it went
over my head.  I'm getting a better understanding of what's going on
under the hood with everyone's explanations.



My Zone Data Collector is also the XML Broker.  I have 1 question outstanding:



1) The Zone Data Collector communicates with other Citrix Servers, Web
Interface and also the client (as per my flowchart diagram).  What port
does it use for all this?  Is it Port 80?  If the WI had SSL would all
the communication be 443?



Thanks in advance

Angela

Date: Tue, 26 Feb 2008 20:13:51 +1000
From: ulrich.mack@xxxxxxxxx
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Web Interface - login process

Hi Angela,
 
I'd again recommend you read the WI SDK documentation, in particular concerning 
the Authentication Sequence. This will give you a much better understanding of 
how WI handles authentication. 
 
In a nutshell, WI extracts the login credentials from the login page, and uses 
the WebPN method checkAcessToken to contact the XML service on what you've 
termed the XML broker to verify if the credentials are valid. As far as AD 
authentication goes, that happens from the Citrix server being used as the XML 
"broker". 

 
The XML "broker" can be any one of the Citrix servers that you have added to 
the Farm list in the WI configuration. WI will use the first server on the 
list, which is optimally your zone data collector. There is nothing special 
about the XML broker, it is simply whichever Citrix server that happens to be 
used by WI at that time.

 
Unless you're going to put your Citrix servers into the DMZ as well, the ports 
used for authentication really don't matter all that much. Nevertheless, just 
out of interest, the ports that could be used for authentication alone in a 
2003 native AD are:


TCP/UDP 88 : Kerberos V
TCP/UDP 53 : DNS - find DC
TCP/UDP 389 : LDAP 

This is ignoring the ports for RPC endpoint (TCP 135), netbios/SMB (TCP 
139/445), and the fact you might be using RSA or Safeword token authentication 
which will require additional ports opened for WI to talk either to the ACE 
server or AD.

 
regards,
 
Rick
 
Ulrich Mack
www.commander.com (until the end of this week)
 
On 2/26/08, Angela Smith <angela_smith9@xxxxxxxxxxx> wrote:

Hi

I'm still trying to work out what ports get used during Citrix logon.
I've attached a PowerPoint slide that shows the main
communication flow.  I have a few questions I was hoping you could assist with:


1) How do I determine what server is the XML Broker?

2) What ports does the XML Broker use to talk to:
       - Active Directory

       - Licensing Server (27000 I'm assuming)
       - Data Collector
       - Least Loaded Server
       - Client

Our Web Interface does not have a certificate so all communication internally 
is on Port 80.  Does Port 80 get used for all communication from the XML 
Broker?  Can anyone let me know what ports are used in question 2?


Thanks
Angela



