Launch Resources with Advanced Security (Get2xa)

The Get2xa command performs the same tasks as the LaunchApp command, but uses an advanced security mechanism to pass sensitive information between the web portal and the Parallels Client.

Advanced security is achieved as follows:

  1. A user clicks a published resource on a third-party web portal. This opens a URL that uses the Parallels Client URL scheme and includes the following information:

    • The web portal server name, port number, and session ID.

    • A path from which Parallels Client can download an XML file containing the Parallels RAS connection information, user credentials, and the ID of the published resource to launch.

      The XML file that the Parallels Client will be downloading is called a 2XA file, which is a historical name used in Parallels RAS to identify the specific file format. The 2XA file specifications (XML) are described later in this section.

  2. The URL opens Parallels Client in the background. The information contained in the URL is passed to Parallels Client.

  3. Parallels Client connects to the web server using the received information and downloads a 2XA file using the path that it received via the URL.

    Note that the 2XA file should be dynamically generated for every user and every published resource when a given user attempts to launch a resource in the web portal.

  4. Parallels Client parses the information contained in the XML file and uses it to create a connection, authenticate a user, and launch a resource.

Get2xa command options

The following table describes the Get2xa command options:

Key
Datatype
Value

Command

String

The name of the command to execute. In this instance, it's "Get2xa".

Server

String

The server where the web portal is hosted. The server can be specified by IP address or its local name.

Port

Int

The port number.

Session

String

The web portal session ID. This is used by Parallels Client in the GET request. It is being passed as a cookie named "ASP.NET_SessionId" (see The GET request from Parallels Client below).

Secure

Boolean

The SSL boolean value. "YES" - use SSL. "NO" - don't use it. The values are case sensitive.

Path

String

A path to which Parallels Client needs to connect in order to download the 2XA file. This needs to be URL encoded.

RequestPage

String

[Optional] The exact path of the current web portal page from where the original URL was launched.

This is used in iOS, so that the iOS client can redirect the user back to the web portal page.

URL example

The following URL opens Parallels Client and passes to it the web server information, the web portal session ID, the path to the 2XA file, and the path to the original web portal web page.

prlclient:///?Command=Get2xa&Server=my.server.testing&Port=80&Session=adm2dpjq3jomvk45mzktuy45&Secure=YES&Path=%2fmywebportal%2fDashboardSource.aspx%3frApplicationID%3d2360%26rtype%3dget%26rcommand%3drun_secure_app%26rfarm%3d3&RequestPage=https://my.server.testing:80/mywebportal/Dashboard.aspx

The GET request from Parallels Client

When Parallels Client receives the information from the URL, it uses it to connect to the web server and download the 2XA file.

The following is an example of the GET request performed by Parallels Client:

GET %%Path%% HTTP/1.1
Host: %%Server%%:%%Port%%
User-Agent: RAS Client
Content-Type: application/x-www-form-urlencoded
Cookie: ASP.NET_SessionId=%%Session%%

2XA XML details

The following table describes the XML document structure used in the 2XA file (see also the XML example below):

Section
Key
Description

IIS

ValidSession

This should be set to 1.

Logon

User

Deprecated, but still supported for backwards compatibility. For new integrations, use LoginEx.

The username.

Logon

LoginEx

The username. Usernames can have 'username', 'domain\user', or 'username@domain' format.

Logon

Base64ClearPassword

[Optional] Base 64 encoded plain text password. If this is not set, the Parallels Client will try to load the ClearPassword parameter (see below), else the user will be prompted for password when connecting.

The parameter is available in all Parallels Client versions (desktop and mobile) since RAS v16.5.2.

Logon

ClearPassword

[Optional] Plain text password. If this is not set, the user will be prompted for password when connecting.

This parameter has been available in Parallels Client for Windows for some time. It is available in Parallels Client for other platforms (desktop and mobile) since RAS v16.5.2.

Logon

SSO

[Optional] The Authentication mode. Can be one of the following:

0 = credentials (default)

3 = web

Connection

Port

The server's port number.

Connection

StartMode

The connection mode. Can be one of the following:

0 : Gateway Mode

1 : Direct Mode

2 : Gateway SSL

3 : Direct SSL

Connection

PrimaryServer

The server name. Server can be specified by IP or by its local name.

Startup

PublishedApp

[Optional] The ID of the published resource to be launched, including the pound sign (e.g. "#256").

You can look up the ID in the RAS Console (Publishing > select a resource > Information tab > look at the first field on the tab page, which displays the resource ID followed by resource name).

You can also obtain a resource ID via RAS PowerShell by executing Get-RASPubItem "resource-name". The returned PubItem object has the Id property that specifies the resource ID. To get the list of all available published resources, execute the Get-RASPubItem cmdlet with no parameters.

If this key is not set, the Parallels Client will show the list of all available published resources.

Startup

OverrideParams

[Optional] URL encoded arguments to be passed to the published application. If included, the arguments will override existing arguments (if any).

The parameter is available in Parallels Clients for all platforms (desktop and mobile) since RAS v16.5.2.

XML Example

The XML document must begin with UTF-8 BOM (byte order mark), which consists of the following 3 bytes:

0xEF 0xBB 0xBF

Note that BOM is not a text. You need to use a script that can add these 3 bytes to the beginning of the file.

The following is a sample 2XA XML document:



   
      1
   
   
      phil@win-rjg64ubucvl
      win-rjg64ubucvl\phil
      SGVsbG9JdHNNZSE=
   
   
      80
      0
      192.168.12.73
   
   
      #1
....
      Hello%201%202%203
   

Note that another option to pass the password is to use the ClearPassword key instead of Base64ClearPassword, as shown below:

HelloItsMe!

Last updated

Other Resources

Feedback

© 2024 Parallels International GmbH. All rights reserved.