Monday, 12 May 2014

Reconfiguring BusinessSpace to avoid HTTP to HTTPS redirection

NOTE: This is an unsupported "solution" to a problem that may occur during the setup of demo/test environments. Your mileage may vary; if in doubt, please contact IBM Support for a formal supported solution.

So, during the build of an IBM Business Process Manager 8.5 PoC environment, one of my developer colleagues had a requirement to connect to BPM using HTTP rather than the secure HTTPS protocol.

By pure coincidence, as this was a PoC environment, I'd not hardened WAS to my normal standard, meaning that the HTTP ports to the JVMs ( and corresponding Virtual Hosts ) were still available.

This meant that the URLs for Process Center and Process Admin worked via HTTP without modification.

However, I noticed that Business Space would automatically redirect from HTTP to HTTPS without prompting.

In other words, I'd enter this URL: -

The "solution" to this is quite simple BUT it involves modifying one of the XML files that forms the core of the deployed Process Portal Enterprise Archive (EAR) file.

I'm documenting the circumvention purely for information and, as stated previously, this is an UNSUPPORTED modification.

In essence, I navigated to the "exploded" EAR file, that sits within the cell-level configuration: -

cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/config/cells/PCCell1/applications/IBM_BPM_Portal_ProcessCenterCluster.ear/deployments/IBM_BPM_Portal_ProcessCenterCluster/process-portal.war/WEB-INF

created a backup of the existing web.xml file: -

cp web.xml web.xml.original

modified web.xml: -

vi web.xml

replacing the word CONFIDENTIAL with the word NONE in two places, specifically changing from: -

<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>

to: -

<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>

Once I did this, and restarted the Process Portal application ( actually I restarted the cluster within which the EAR resides ), I was able to access the Process Portal via HTTP without issues.

Again, I'll say it to avoid doubt - THIS IS AN UNSUPPORTED MODIFICATION. YOUR MILEAGE MAY/WILL VARY.

No comments: