Connections from Listeners

  • The application creates a Listener to monitor a TCP port for XML messages posted over HTTPS. The default Listener port is 443, but it can be set to a custom port number via the Token Proxy Web Portal. This Listener must be exposed to the client (for example, OPERA systems).

  • The Listener manages its own use of the certificates provided by the datacenter using TLS 1.2, so a firewall or load balancer (if present) must not offer any form of HTTPS-to-HTTP bridging. Instead, the connection must be passed directly to the Token Proxy Service. If the service is installed on multiple machines for load balancing or failover, the provided certificates must be installed on every server running the Token Proxy Service. If a certificate has to be deployed at the load balancer, a certificate should also be deployed at the TPS app server so that the connection from the load balancer to the TPS server is also HTTPS. It is highly recommended to use CA-signed certificates.
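
As an added illustration (not part of the original documentation), the HAProxy fragment below shows the bridging setup the text rules out next to the two layouts it allows. The choice of HAProxy, the section names, the 192.0.2.x addresses and the file paths are assumptions made for the example.

```haproxy
# --- NOT acceptable: HTTPS-to-HTTP bridging ------------------------------
# TLS ends at the load balancer and the XML messages travel to the
# Token Proxy Service in clear text.
frontend tps_bridged
    mode http
    bind :443 ssl crt /etc/haproxy/certs/placeholder-lb.pem
    default_backend tps_plain

backend tps_plain
    mode http
    server tps1 192.0.2.10:80          # constructed address, plain HTTP

# --- Acceptable: connection passed directly to the Listener --------------
# The load balancer forwards raw TCP; the TLS 1.2 handshake is completed by
# the Listener itself, so every TPS node needs the same certificate.
frontend tps_passthrough
    mode tcp
    bind :443
    default_backend tps_tls

backend tps_tls
    mode tcp
    server tps1 192.0.2.10:443 check   # constructed addresses
    server tps2 192.0.2.11:443 check

# --- Acceptable when a certificate must sit on the load balancer ---------
# TLS is terminated and then re-established, so the hop from the load
# balancer to the TPS server is HTTPS as well and the TPS certificate is
# validated against a CA file.
frontend tps_reencrypt
    mode http
    bind :443 ssl crt /etc/haproxy/certs/placeholder-lb.pem ssl-min-ver TLSv1.2
    default_backend tps_https

backend tps_https
    mode http
    server tps1 192.0.2.10:443 ssl verify required ca-file /etc/haproxy/ca/placeholder-ca.pem ssl-min-ver TLSv1.2
```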