Allowing insecure access to Heritage Process Portal (
deprecated)
You should require HTTPS communication from the browser to the server when accessing any IBM® Business Process Manager user interface. Typically, these user interfaces are available for authenticated users only and authentication credentials are submitted with every request; for example, user IDs and passwords, or the LTPA cookie. These authentication credentials should be protected from eavesdropping and therefore never be transmitted over unencrypted connections. If you have an SSL offloading requirement, see the httpsIndicatorHeader configuration in Web container customer properties in the WebSphere® Application Server documentation.
About this task
This task describes how to change the protocol by running the configBSpaceTransport.py script.
Enforcement of HTTPS with
cumulative fix 2017.03 also enabled additional security configuration: setting the secure flag for
LTPA and HTTP session cookies. This new default configuration instructs browsers to send these
sensitive cookies over secure connections only. If you configure Business Space or Heritage Process Portal to be available over non-secure HTTP connections, these cookies must
not be marked with the secure flag. The configBSpaceTransport.py script has
been enhanced to disable the secure flag for these two cookies for the
allowhttp parameter and to enable the secure flag for these two cookies for the
httpsonly parameter.
Procedure
- If you have a stand-alone server, run
wsadmin.sh or
wsadmin.bat from the stand-alone_profile/bin/
directory on the server. - To allow only HTTPS connections to Heritage Process Portal, enter
the following
command:
wsadmin -user user_name -password password -f install_root/BusinessSpace/scripts/configBSpaceTransport.py -httpsonly - To allow HTTP connections to Heritage Process Portal, enter
the following
command:
wsadmin -user user_name -password password -f install_root/BusinessSpace/scripts/configBSpaceTransport.py -allowhttp
Tip: By default, the command applies to the current server and node. If you want to specify a different location, use the optional -serverName and -nodeName parameters. - To allow only HTTPS connections to Heritage Process Portal, enter
the following
command:
- If you have a network deployment environment, you must run wsadmin.sh or wsadmin.bat from the
dmgr_profile/bin/ directory on the server to update the cluster where the
BSpaceEAR application is deployed. Important: Make sure that the deployment manager is running before you run the script.
- To allow only HTTPS connections to Heritage Process Portal, enter
the following
command:
wsadmin -user user_name -password password -f install_root/BusinessSpace/scripts/configBSpaceTransport.py -httpsonly -clusterName application_cluster - To allow HTTP connections to Heritage Process Portal, enter
the following
command:
wsadmin -user user_name -password password -f install_root/BusinessSpace/scripts/configBSpaceTransport.py -allowhttp -clusterName application_cluster
Where application_cluster is the application cluster of your IBM Business Process Manager deployment environment.
- To allow only HTTPS connections to Heritage Process Portal, enter
the following
command: