Ports required for web login with domain SSO

I have a IIS on a server which is a member of an AD domain. The app is using Windows Integrated Authentication and users want single sign-on. Besides the web app's port (80) are there additional ports required:

  • Between the client PC and the web server?
  • Between the web server and the domain controllers?

I am asking this because the customer is putting the web server behind a firewall and will open specific ports upon request only.

1 Answer

No, there aren't. Client authentication data is sent in the standard HTTP Authorization: header. Kerberos tokens are validated by the server itself (against its keytab or 'machine password'), and using the regular AD login protocol for NTLM.

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like