Tuesday, 25 July 2017

IBM BPM and the Process Federation Server - A Voyage of Discovery #3

So, following these two posts: -

once I'd got PFS set up and (mostly) working, I did some testing.

However, I kept seeing errors such as this: -

when I logged into the BPM 8.5.7 Process Portal ( if you remember, this is the new go-to Portal for everything, including the 8.5.5 instances ) via this URL: -

Talking to some of my genius colleagues, I realised that I could debug this better using a JavaScript console such as that provided by Google Chrome.

This is what I saw: -

A spot of Googling for net::ERR_INSECURE_RESPONSE made me realise the error of my ways.

I'm using self-signed certificates for the IHS instances fronting BPM 8.5.5 and 8.5.7. In addition, I'm also using a self-signed certificate for PFS which, although not using IHS, still has a web UI sitting on port 9443: -

When I first access Process Portal or PFS in Chrome, I see this: -

In other words, whilst I'd told Chrome to "trust" BPM 8.5.7 I had not told it to similarly trust BPM 8.5.7.

Once I accessed PFS: -

and reloaded the original 8.5.7 Process Portal page, suddenly my instances started to appear …

I did see one subsequent issue: -

XMLHttpRequest cannot load https://bpm855.uk.ibm.com:8443/rest/bpm/wle/v1/task/56?federationMode=true&parts=actions. The 'Access-Control-Allow-Origin' header has a value 'https://bpm855.uk.ibm.com:9443' that is not equal to the supplied origin. Origin 'https://bpm857.uk.ibm.com:8443' is therefore not allowed access.

It took me a while to work this out, but then I realised that it's telling me that the IHS fronting BPM 8.5.5 is being asked to allow the HTTP header to be modified to read https://bpm857.uk.ibm.com:8443 which doesn't match up with the mod_headers directive of: -

Header set Access-Control-Allow-Origin "https://bpm855.uk.ibm.com:8443"

which makes no sense at all, given that it's on the BPM 8.5.5 box itself :-)

Once I changed my IHS configuration: -

LoadModule headers_module modules/mod_headers.so
Header set Access-Control-Allow-Origin "https://bpm857.uk.ibm.com:8443"
Header set Access-Control-Allow-Credentials "true"
Header set Access-Control-Allow-Headers "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"
Header set Access-Control-Allow-Methods "GET,POST,PUT,DELETE,OPTIONS"

all was well.

I'm still on the learning curve, especially with regard to the specifics of SSL certificate exchange, so expect more posts ….

No comments:

Yay, VMware Fusion and macOS Big Sur - no longer "NAT good friends" - forgive the double negative and the terrible pun ...

After macOS 11 Big Sur was released in 2020, VMware updated their Fusion product to v12 and, sadly, managed to break Network Address Trans...