Launch Resources with Advanced Security (Get2xa)
The Get2xa command performs the same tasks as the LaunchApp command, but uses an advanced security mechanism to pass sensitive information between the web portal and the Parallels Client.
Advanced security is achieved as follows:
A user clicks a published resource on a third-party web portal. This opens a URL that uses the Parallels Client URL scheme and includes the following information:
The web portal server name, port number, and session ID.
A path from which Parallels Client can download an XML file containing the Parallels RAS connection information, user credentials, and the ID of the published resource to launch.
The XML file that the Parallels Client will be downloading is called a 2XA file, which is a historical name used in Parallels RAS to identify the specific file format. The 2XA file specifications (XML) are described later in this section.
The URL opens Parallels Client in the background. The information contained in the URL is passed to Parallels Client.
Parallels Client connects to the web server using the received information and downloads a 2XA file using the path that it received via the URL.
Note that the 2XA file should be dynamically generated for every user and every published resource when a given user attempts to launch a resource in the web portal.
Parallels Client parses the information contained in the XML file and uses it to create a connection, authenticate a user, and launch a resource.
Get2xa command options
The following table describes the Get2xa command options:
| Key | Datatype | Value |
|---|---|---|
Command | String | The name of the command to execute. In this instance, it's "Get2xa". |
Server | String | The server where the web portal is hosted. The server can be specified by IP address or its local name. |
Port | Int | The port number. |
Session | String | The web portal session ID. This is used by Parallels Client in the GET request. It is being passed as a cookie named "ASP.NET_SessionId" (see The GET request from Parallels Client below). |
Secure | Boolean | The SSL boolean value. "YES" - use SSL. "NO" - don't use it. The values are case sensitive. |
Path | String | A path to which Parallels Client needs to connect in order to download the 2XA file. This needs to be URL encoded. |
RequestPage | String | [Optional] The exact path of the current web portal page from where the original URL was launched. This is used in iOS, so that the iOS client can redirect the user back to the web portal page. |
URL example
The following URL opens Parallels Client and passes to it the web server information, the web portal session ID, the path to the 2XA file, and the path to the original web portal web page.
The GET request from Parallels Client
When Parallels Client receives the information from the URL, it uses it to connect to the web server and download the 2XA file.
The following is an example of the GET request performed by Parallels Client:
2XA XML details
The following table describes the XML document structure used in the 2XA file (see also the XML example below):
| Section | Key | Description |
|---|---|---|
IIS | ValidSession | This should be set to 1. |
Logon | User | Deprecated, but still supported for backwards compatibility. For new integrations, use LoginEx. The username. |
Logon | LoginEx | The username. Usernames can have 'username', 'domain\user', or 'username@domain' format. |
Logon | Base64ClearPassword | [Optional] Base 64 encoded plain text password. If this is not set, the Parallels Client will try to load the ClearPassword parameter (see below), else the user will be prompted for password when connecting. The parameter is available in all Parallels Client versions (desktop and mobile) since RAS v16.5.2. |
Logon | ClearPassword | [Optional] Plain text password. If this is not set, the user will be prompted for password when connecting. This parameter has been available in Parallels Client for Windows for some time. It is available in Parallels Client for other platforms (desktop and mobile) since RAS v16.5.2. |
Logon | SSO | [Optional] The Authentication mode. Can be one of the following: 0 = credentials (default) 3 = web |
Connection | Port | The server's port number. |
Connection | StartMode | The connection mode. Can be one of the following: 0 : Gateway Mode 1 : Direct Mode 2 : Gateway SSL 3 : Direct SSL |
Connection | PrimaryServer | The server name. Server can be specified by IP or by its local name. |
Startup | PublishedApp | [Optional] The ID of the published resource to be launched, including the pound sign (e.g. "#256"). You can look up the ID in the RAS Console (Publishing > select a resource > Information tab > look at the first field on the tab page, which displays the resource ID followed by resource name). You can also obtain a resource ID via RAS PowerShell by executing If this key is not set, the Parallels Client will show the list of all available published resources. |
Startup | OverrideParams | [Optional] URL encoded arguments to be passed to the published application. If included, the arguments will override existing arguments (if any). The parameter is available in Parallels Clients for all platforms (desktop and mobile) since RAS v16.5.2. |
XML Example
The XML document must begin with UTF-8 BOM (byte order mark), which consists of the following 3 bytes:
Note that BOM is not a text. You need to use a script that can add these 3 bytes to the beginning of the file.
The following is a sample 2XA XML document:
Note that another option to pass the password is to use the ClearPassword key instead of Base64ClearPassword, as shown below: