Recently, a more excited user came into my practice asking me for advice. After an upgrade he was not able to properly use BPM anymore. Each time when he is trying to enter Consoles like Process Center Console or Process Admin Console he is getting redirected from HTTPS to HTTP port at login. The bad thing beside that behavior is that the HTTP port is not working and he remains on the login page. Furthermore, Process Designer is not working. Here, after login a redirect to the Process Center Console login page (within the Process Designer window) using HTTP port happens.
His pain is awful since he cannot work with BPM anymore.
At first, I checked customer’s endpoint configuration and the OS System Proxy settings without finding any issue.
Next, I followed up checking some configuration settings in the WAS Admin Console. I discovered that an IHS (IBM HTTP Server) is in place. From earlier experiences I know, it might make sense to review IHS-related logs. Checking the access.log, I figured out that the redirect seems to occur on the Web Server:
GET /ProcessCenter/login.jsp HTTP/1.1 200
POST /ProcessCenter/j_security_check HTTP/1.1 302
Well, then let’s put the focus on the IHS, next. Here, some configuration can be checked in the WAS Admin Console. By doing that, I discovered that the Server name was only set using short name and not using full qualified name. After I states that, the user mentioned that this should not to be the case and that the full qualified name is expected.
I followed up with my investigations on the configuration. Here, another setting caught my attention:
Security > Global Security > Single Sign-on (SSO)
the tick for "Requires SSL” was set.
Although supported, this is not the default.
Well, we seemingly have a not properly configured IHS and its SSL (no full qualified name set, appropriate certificates were not shared etc.).
I assumes, that due to that misconfiguration the SSL connection breaks and a redirect to HTTP happens. Now HTTP itself is not working in user’s environment, since “Required SSL” is enabled for SSO (HTTPS is required). Ok, then... let’s try to fix it.
Based on my diagnosis, the user changed the Server name for his IHS to a full qualified name and disabled "Requires SSL" for SSO. For a test he restarted the environment (including IHS) and voilà - the scenario is working smoothly:
* When using HTTP port for the Process Center Console:
He is able to login (HTTP port is used after login)
* When using HTTPS port for the Process Center Console
He was able to login, as well (HTTPS port is used after login – no redirect)
That means, a redirect does NOT happen anymore when using the HTTPS port because the SSL connection does NOT break. Moreover, the HTTP is working since SSL is not required anymore for SSO.
Here are some additional information on how you can configure a IHS to work with BPM:
Well done, and one more happy customer !
And if this does not help, take two of these and call me in the morning.
Your Dr. Debug