IMPORTANT: The Advanced Authentication server uses ports 443 and 80. These ports cannot be changed.
Advanced Authentication supports port forwarding, but it is not recommended because the entire appliance then becomes available through the internet. It is recommended to use a reverse proxy to map only the specific URLs.
By default, the Advanced Authentication server uses the following RFC standard ports.
Service | Port | Protocol | Usage |
---|---|---|---|
REST | 443 | HTTPS | All Communications |
Administration portal, Self-Service portal, Helpdesk portal, Reporting portal, and Search Card portal | 443 | HTTPS | All Communications (<AAServer>/admin, <AAServer>/account, <AAServer>/helpdesk, <AAServer>/report, <AAServer>/search-card) |
Server Update | 443 | HTTPS | Update channel: appliance - update server (repo.authasas.com) |
Database replication | 5432: This port is required only for the installation of a new DB Server. Then the port can be closed. | TCP | Database replication between DB servers |
Database replication | 8080 | TCP | Database replication between DB servers |
DNS | 53 | TCP, UDP | DNS |
NTP | 123 | UDP | NTP, used for time synchronization |
LDAP | 389 | TCP, UDP | LDAP (if used with repository) |
LDAPS | 636 | TCP, UDP | LDAP over TLS/SSL (if used with repository) |
Dashboard and Reporting portal | 9200 | HTTPS | Collecting statistics from the Advanced Authentication servers in the cluster |
The Advanced Authentication server uses the following ports for the different methods:
Service | Port | Protocol | Usage |
---|---|---|---|
RADIUS | 1812 | TCP, UDP | Authentication |
RADIUS | 1813 | TCP, UDP | Accounting |
E-Mail Service | Variable | SMTP | E-Mail Traffic |
Voice Call Service | Variable | HTTPS | All Communications (<AAServer>/twilio/status, <AAServer>/twilio/gather) |
Smartphone | Variable | HTTPS | All Communications (<AAServer>/smartphone) |
Smartphone Push Service | 443 | HTTPS | Communication between AAF and proxy.authasas.com (push service) |
SMS | Variable | HTTPS | Communication to a used SMS service |
Swisscom Mobile ID | Variable | HTTPS | Communication to the specified Swisscom Mobile ID service URL |
Voice OTP Service | Variable | HTTPS | All Communications (<AAServer>/twilio/otp) |
IMPORTANT: Any port can be used with a reverse proxy. For example, https://dnsname:888/smartphone. The reverse proxy redirects from port 888 to port 443 internally on the appliance. Port 888 is used from outside, but port 443 is used inside the appliance.
Advanced Authentication uses the following URLs.
URL | Used for |
---|---|
Advanced Authentication Server | |
/static/*, /user/api | Web portals |
/admin | Administration portal |
/account | Self-Service portal |
/helpdesk | Helpdesk portal |
/report | Reporting portal |
/api | REST API calls |
/adfs | ADFS plug-in |
/osp | SAML 2.0, OAuth 2.0 integrations |
/search-card | Search Card portal |
Smartphone | |
/smartphone/adddevice/{path}/{enc_dev_id} | |
/smartphone/confirm/{path} | |
/smartphone/pushid/{path} | |
/smartphone/requestsalt/{path} | |
/smartphone/saltpushid/{path} | |
Twilio (SMS, Voice Call, Voice OTP) | |
/twilio/gather/{proc_id} | |
/twilio/otp/{proc_id} | |
/twilio/otp_anon/{tenant_id}/{otp} | |
/twilio/status/{proc_id} | |
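
The reverse proxy recommendation and the port 888 example above, sketched as an nginx configuration. This is an added example, not taken from the product documentation. It assumes nginx as the proxy and that only the smartphone endpoints from the URL table need to be reachable from outside; the upstream address, internal host name and certificate paths are placeholders.

```nginx
# Added example: expose only selected Advanced Authentication URLs.
# Addresses, host names and file paths below are placeholders.

upstream aa_appliance {
    server 192.0.2.10:443;            # appliance, internal port 443 (placeholder address)
}

server {
    listen 888 ssl;                   # external port from the page's example
    server_name dnsname;              # external DNS name from the page's example

    ssl_certificate     /etc/nginx/tls/dnsname.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/dnsname.key;   # placeholder path

    # Plain port forwarding would be the equivalent of:
    #     location / { proxy_pass https://aa_appliance; }
    # which publishes /admin, /helpdesk, /report and /api as well.

    # Forward only the smartphone endpoints listed in the URL table.
    # Assumption: these five endpoints are all the external clients need.
    location ~ ^/smartphone/(adddevice|confirm|pushid|requestsalt|saltpushid)/ {
        proxy_pass https://aa_appliance;              # no URI part: path is passed unchanged
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Verify the appliance certificate on the internal hop.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.pem;  # placeholder path
        proxy_ssl_server_name         on;
        proxy_ssl_name                aaserver.internal.example;       # placeholder name
    }

    # Default deny: every URL that is not mapped above stays internal.
    location / {
        return 404;
    }
}
```

Other prefixes from the URL table (for example the `/twilio/` callbacks) can be mapped with additional `location` blocks of the same shape if the deployment requires them externally.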