once I'd got PFS set up and (mostly) working, I did some testing.
However, I kept seeing errors such as this: -
when I logged into the BPM 8.5.7 Process Portal ( if you remember, this is the new go-to Portal for everything, including the 8.5.5 instances ) via this URL: -
Talking to some of my genius colleagues, I realised that I could debug this better using a JavaScript console such as that provided by Google Chrome.
This is what I saw: -
A spot of Googling for net::ERR_INSECURE_RESPONSE made me realise the error of my ways.
I'm using self-signed certificates for the IHS instances fronting BPM 8.5.5 and 8.5.7. In addition, I'm also using a self-signed certificate for PFS which, although not using IHS, still has a web UI sitting on port 9443: -
When I first access Process Portal or PFS in Chrome, I see this: -
In other words, whilst I'd told Chrome to "trust" BPM 8.5.7 I had not told it to similarly trust BPM 8.5.7.
Once I accessed PFS: -
and reloaded the original 8.5.7 Process Portal page, suddenly my instances started to appear …
I did see one subsequent issue: -
XMLHttpRequest cannot load https://bpm855.uk.ibm.com:8443/rest/bpm/wle/v1/task/56?federationMode=true&parts=actions. The 'Access-Control-Allow-Origin' header has a value 'https://bpm855.uk.ibm.com:9443' that is not equal to the supplied origin. Origin 'https://bpm857.uk.ibm.com:8443' is therefore not allowed access.
It took me a while to work this out, but then I realised that it's telling me that the IHS fronting BPM 8.5.5 is being asked to allow the HTTP header to be modified to read https://bpm857.uk.ibm.com:8443 which doesn't match up with the mod_headers directive of: -
which makes no sense at all, given that it's on the BPM 8.5.5 box itself :-)
Once I changed my IHS configuration: -
LoadModule headers_module modules/mod_headers.so
Header set Access-Control-Allow-Origin "https://bpm857.uk.ibm.com:8443"
Header set Access-Control-Allow-Credentials "true"
Header set Access-Control-Allow-Headers "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"
Header set Access-Control-Allow-Methods "GET,POST,PUT,DELETE,OPTIONS"
Header set Access-Control-Allow-Origin "https://bpm857.uk.ibm.com:8443"
Header set Access-Control-Allow-Credentials "true"
Header set Access-Control-Allow-Headers "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"
Header set Access-Control-Allow-Methods "GET,POST,PUT,DELETE,OPTIONS"
all was well.
I'm still on the learning curve, especially with regard to the specifics of SSL certificate exchange, so expect more posts ….
No comments:
Post a Comment