Tuesday, 25 July 2017

IBM BPM and the Process Federation Server - A Voyage of Discovery #3

So, following these two posts: -



once I'd got PFS set up and (mostly) working, I did some testing.

However, I kept seeing errors such as this: -


when I logged into the BPM 8.5.7 Process Portal ( if you remember, this is the new go-to Portal for everything, including the 8.5.5 instances ) via this URL: -


Talking to some of my genius colleagues, I realised that I could debug this better using a JavaScript console such as that provided by Google Chrome.

This is what I saw: -


A spot of Googling for net::ERR_INSECURE_RESPONSE made me realise the error of my ways.

I'm using self-signed certificates for the IHS instances fronting BPM 8.5.5 and 8.5.7. In addition, I'm also using a self-signed certificate for PFS which, although not using IHS, still has a web UI sitting on port 9443: -


When I first access Process Portal or PFS in Chrome, I see this: -


In other words, whilst I'd told Chrome to "trust" BPM 8.5.7 I had not told it to similarly trust BPM 8.5.7.

Once I accessed PFS: -


and reloaded the original 8.5.7 Process Portal page, suddenly my instances started to appear …

I did see one subsequent issue: -

XMLHttpRequest cannot load https://bpm855.uk.ibm.com:8443/rest/bpm/wle/v1/task/56?federationMode=true&parts=actions. The 'Access-Control-Allow-Origin' header has a value 'https://bpm855.uk.ibm.com:9443' that is not equal to the supplied origin. Origin 'https://bpm857.uk.ibm.com:8443' is therefore not allowed access.

It took me a while to work this out, but then I realised that it's telling me that the IHS fronting BPM 8.5.5 is being asked to allow the HTTP header to be modified to read https://bpm857.uk.ibm.com:8443 which doesn't match up with the mod_headers directive of: -

Header set Access-Control-Allow-Origin "https://bpm855.uk.ibm.com:8443"

which makes no sense at all, given that it's on the BPM 8.5.5 box itself :-)

Once I changed my IHS configuration: -

LoadModule headers_module modules/mod_headers.so
Header set Access-Control-Allow-Origin "https://bpm857.uk.ibm.com:8443"
Header set Access-Control-Allow-Credentials "true"
Header set Access-Control-Allow-Headers "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"
Header set Access-Control-Allow-Methods "GET,POST,PUT,DELETE,OPTIONS"


all was well.

I'm still on the learning curve, especially with regard to the specifics of SSL certificate exchange, so expect more posts ….

No comments: