Canary Clients to Identity
When a user logs into Axiom (via browser), does the Axiom Core service authenticate directly with the Identity Service (port 55351 gRPC), or does it rely on the Views Service as an intermediary to talk to Identity?
Similarly, when the Excel Add-In connects to the Canary server using an API token, does it authenticate directly with the Identity Service, or is it done via Views Service?
3 replies
-
Hi ,
Starting in v25.0, Axiom uses a reverse proxy to forward calls onto the Identity service to authenticate users when they log in. So the Identity service is still involved, but it's all going through Axiom over port 443. Prior to the reverse proxy, you would've needed 55253 opened for the Identity service for the authentication piece to work.
As for the Excel Add-in, if you're using an API token to authenticate, the client connects to the Views service over 55321 and passes the token along to Identity for authentication. If you're not using a token, 55353 would need opened so the user could authenticate. The Add-in does not have the reverse proxy capability like Axiom. -
Hi Thanks. If Axiom core (acting as reverse proxy) is remote, this means we still need to have the Identity services port open for the Axiom Core. Which port is that, is it 55351 ?
Print this page