Random port? I think not…
Posted by BPuhl on June 8, 2009
6 months ago – We’re in the process of federating with a new partner, and the link they send us to their federation server looked something like this: https://federation.foo.com:9031/blah – notice the port 9031?
This seemed a little random, but not completely unusual since people tend to grab an available port when they want to host a test/beta site.
With a bit of troubleshooting, working with our proxy server team, etc… figured out that our proxy servers only allow SSL connectivity out to port 443, so the federation was broken. A bit of back and forth with the partner, they moved to the standard SSL port, and everything worked great.
4 months ago – We’re in the process of federating with a new partner, and the link they send us to their federation server looked something like this: https://federation.contoso.com:9031/blah
Us: Hey, we’ve seen this before – we can only connect to port 443 for SSL sites, can you move your federation server to the standard port?
Reply: Sure, done – check it now
And there was much rejoicing. yeah.
Rinse and repeat this a half a dozen times over the past few months, and we’re getting pretty good at recognizing the issue. And since about 60% of our federation partners are using STS’s which are not ADFS/Geneva, this scenario is even more common.
The other day, while dancing this dance yet again, we did notice one thing though – It’s not a random port – it’s ALWAYS port 9031. Not only that, but looking back, it’s always with partners who are using Ping Federate server.
A quick search for “9031” on the Ping website, finds that a lot of their sample code uses port 9031.
Ah ha! Now I get it. It wasn’t random after all, but rather re-using the sample code to set up services. Which is a great, so now we know that when we’re federating with a partner that’s using Ping Federate – be on the lookout for port 9031.