Random port? I think not…
Posted by BPuhl on June 8, 2009
6 months ago – We’re in the process of federating with a new partner, and the link they sent us to their federation server looked something like this:
https://federation.foo.com:9031/blah
– notice the port 9031? This seemed a little random, but not completely unusual since people tend to grab an available port when they want to host a test/beta site.
With a bit of troubleshooting, working with our proxy server team, etc… figured out that our proxy servers only allow SSL connectivity out to port 443, so the federation was broken. A bit of back and forth with the partner, they moved to the standard SSL port, and everything worked great.
4 months ago – We’re in the process of federating with a new partner, and the link they sent us to their federation server looked something like this:
https://federation.contoso.com:9031/blah
Us: Hey, we’ve seen this before – we can only connect to port 443 for SSL sites, can you move your federation server to the standard port?
Reply: Sure, done – check it now
And there was much rejoicing. yeah.
Rinse and repeat this a half a dozen times over the past few months, and we’re getting pretty good at recognizing the issue. And since about 60% of our federation partners are using STS’s which are not ADFS/Geneva, this scenario is even more common.
The other day, while dancing this dance yet again, we did notice one thing though – It’s not a random port – it’s ALWAYS port 9031. Not only that, but looking back, it’s always with partners who are using Ping Federate server.
A quick search for “9031” on the Ping website finds that a lot of their sample code uses port 9031.
Ah ha! Now I get it. It wasn’t random after all, but rather re-using the sample code to set up services. Which is great, so now we know that when we’re federating with a partner that’s using Ping Federate – be on the lookout for port 9031.
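A pre-flight check for the situation described in this post, as an added example that is not from the original post or from any vendor: it reads a partner's federation metadata and lists the endpoints that a proxy allowing outbound SSL only to port 443 would refuse. The sample metadata, the function names and the ALLOWED_PORTS set are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumption: outbound SSL is permitted only to port 443, as in the post.
ALLOWED_PORTS = {443}

# Constructed sample metadata; host and path reuse the post's placeholder URL.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://federation.contoso.com">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://federation.contoso.com:9031/blah"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://federation.contoso.com/blah"
        ResponseLocation="http://federation.contoso.com/blah"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def endpoint_urls(metadata_xml):
    """Yield (element local name, URL) for every endpoint URL in the metadata."""
    # Partner metadata is untrusted input; a hardened parser such as
    # defusedxml is the safer choice outside of a quick check like this one.
    root = ET.fromstring(metadata_xml)
    for elem in root.iter():
        name = elem.tag.rsplit("}", 1)[-1]  # drop the XML namespace
        for attr in ("Location", "ResponseLocation"):  # SAML 2.0 endpoints
            if attr in elem.attrib:
                yield name, elem.attrib[attr]
        if name == "Address" and elem.text:  # WS-Addressing endpoint reference
            yield name, elem.text.strip()


def blocked_endpoints(metadata_xml, allowed_ports=ALLOWED_PORTS):
    """Return (element, URL, reason) for endpoints the proxy would refuse."""
    findings = []
    for name, url in endpoint_urls(metadata_xml):
        parts = urlsplit(url)
        port = parts.port or 443  # no explicit port on https means 443
        if parts.scheme != "https":
            findings.append((name, url, "not an https URL"))
        elif port not in allowed_ports:
            findings.append((name, url, f"port {port} not allowed outbound"))
    return findings


if __name__ == "__main__":
    for name, url, reason in blocked_endpoints(SAMPLE_METADATA):
        print(f"{name}: {url} -> {reason}")
```

Running it against metadata before the first sign-on test turns the back-and-forth with the partner into a single request to move the listed endpoints.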
Laura said
Perfectly valid to use alternate ports though, obviously…you just don’t see it very often b/c it’s not at all intuitively exposed in the UI. (In your case it’s not a valid config b/c you’ve made a policy decision that prevents its use.)
Actually had a client intentionally do so once, in a case where the fed servers were residing on web servers that were already using 443 for other purposes (and nobody wanted to virtualize for whatever reason), so off to another port we went.