I would like to ask if there are any ways for me to use a different port for user authentication purpose (Other than 4183)?
As for configuration, remaining port 4183 is fine. The purpose of this request is because firewall team would like to clearly distinguish whether the traffic is meant for authentication or console configuration purposes.
Thank you in advance.
Solved! Go to Solution.
We do not neither support nor recommend running Console (https) on two different ports. Such configuration may lead to multiple issues and we definitely do not want our customers to go this way.
I'm just thinking if there is any other way to achieve your goal and the first idea which comes to my mind, is to use URLs to distinguish traffic for authentication and traffic for configuration. URLs:
should be considered as a traffic for authentication purposes, all other URLs are for working with configuration.
I realize that for firewall team using port for distinguishing traffic purpose might be better solution, but perhaps approach with URLs will work as well ?
Thanks for your input. Actually we have proposed them the idea of distinguishing operation through URL. Unfortunately they are not impressed with our answer. Nevertheless appreciate your reply.
I reckon firewall team should not fuss on the functionality of an application.
But if you insist to separate the functionality you could consider to use or implement a Single Sign On service, and have that deal with authentication.
Implementing external SSO and integrating it with NAM Console will not solve the problem I'm afraid. Even with external IdP, still it is NAM Console who receives both kind of requests:
* For authenticating users who want, for example, see report on NAM server
* For users who want to perform configuration actions on Console, say, modify Software service definition
The thing is to distinguish those two kinds of requests/traffic, that's how I understand original problem.
Ah yes, I was under the impression that Console acted in place of SSO, and with an actual SSO this would work directly. https://www.dynatrace.com/support/doc/nam/sso/nam-sso-deployment-external-idp/#using-openam-as-an-ex...
Then it's as it is. Two functions on one port. From firewall perspective you can't tell the difference, when it's IP/port based. As most are.