Configuring IBM BPM endpoints to match your topology

If the user's browser requests pass through a web server or load-balancing server before the request reaches the IBM® BPM server, you must configure the virtual host information that is used by IBM BPM to generate URLs. Depending on the complexity of your topology and security setup, you might have to configure several different types of URLs.

About this task

IBM BPM generates many different types of URLs for action links in the external browser client, internal communications, and connections to internal services. If your topology or security setup requires that IBM BPM must generate certain types of URLs differently, there are various ways to configure them.

It is important to identify the different entry points in your network, such as load balancers and web servers, for external and internal clients. For example, generally, the protocol, host name, and port number of the entry point server must be used in any generated links that are served to clients. Sometimes the endpoints can be defined as a static URL, but in more complex topologies it might be necessary to use a dynamic strategy, such as extracting the information from the header of the request.

In simple topologies, the defaults should work without any changes. Generally, a production environment requires some changes to the defaults. For example, if you have a web server for external clients, see Customizing IBM BPM to work with a web server.

More complex topologies and ones that include multiple deployment environments require more targeted configuration of specific objects.

Procedure

Complete the following actions:

Identify the components and structure of your topology. Components to consider include such things as load balancers, external web servers, reverse proxies, firewalls, internal web servers, Process Server, and Process Centers.

Identify which default scenarios you must modify, and decide whether to use a virtual host object, a URL, or a list of dynamic strategies to determine the correct endpoint.

For each deployment environment, use the following table to identify which of the default scenarios you must change, and whether to use a static virtual host definition, a static URL, or a list of dynamic strategies to get the host information for generated URLs.

Important: If you have multiple deployment environments, these settings must be evaluated and configured for each deployment environment.

Table 1. Default scenario keys for generated URLs
Default `BPMURL` scenario keys	Description
`EXTERNAL_CLIENT`	This generic scenario key is intended for non-relative URLs to be used by clients outside the data center, such as web browsers. If all external clients connect directly to the IBM BPM server, there is no need to change the default value. If all external clients use one entry point into your network, such as a web server, you can define the `EXTERNAL_CLIENT` scenario to use a static virtual host object or a static URL. If you have multiple entry points for external clients, for example, a load balancer and a web server, using a single virtual host setting or a static URL is not appropriate, and you must define the `EXTERNAL_CLIENT` scenario to use one or more dynamic strategies. Use Table 2 to decide which strategies you will use.
`INTERNAL_CLIENT`	This generic scenario key is intended for non-relative URLs to be used by clients inside the data center, such IBM BPM calling itself. If all internal clients connect directly to the IBM BPM server, there is no need to change the default value. If all internal clients use one entry point into your network, such as a web server, you can define the `INTERNAL_CLIENT` scenario to use a static virtual host object or a static URL. If you have multiple entry points for internal clients, for example, a load balancer and a web server, using a single virtual host setting or a static URL is not appropriate, and you must define the `INTERNAL_CLIENT` scenario to use one or more dynamic strategies. Use Table 2 to decide which strategies to use.
`RELATIVE`	This generic scenario key is intended for relative URLs to facilitate access to browser-based web applications through various entry points in your topology. For example, some users might access IBM BPM through a reverse proxy whereas others might connect directly to the web server.

Tip: These defaults are only used for a generated URL if the optional scenario that is specific to the URL type is not defined. For a list of which types of generated URLs are affected by each default, see Table 3.

For each scenario, a BPMURL object defines a list of strategies. The strategies are attempted in the order that is specified until one returns the required information. Each strategy uses a different approach to determine the transport protocol, host, and port that are used to generate URLs, for example, by extracting them from a particular header in the request. The BPMURL object can also reference a BPMVirtualHostInfo object that contains fixed values for the transport protocol, host name, port number of the virtual host, and any URL prefix. Table 2 describes all strategies that are available.

Table 2. Strategies for identifying endpoint information for generated URLs
Strategy name	Description
`com.ibm.bpm.endpoint.impl.strategies. BpmHeaderAbsoluteStrategy`	This strategy attempts to extract the protocol, host, and port information from a BPM specific HTTP request header: `com.ibm.bpm.routing.HostAndURIPrefix`.
`com.ibm.bpm.endpoint.impl.strategies. BpmHeaderRelativeStrategy`	This strategy attempts to extract a relative URL from a BPM specific HTTP request header: `com.ibm.bpm.routing.URIPrefix`. Note that the code will use the value as is.
`com.ibm.bpm.endpoint.impl.strategies. CurrentJVMDefaultTransportStrategy`	This strategy will calculate a URL based on hostname information of the current Application Server Java Virtual Machine. The current setting of `useHTTPSURLPrefixes` is evaluated to derive protocol and port information: true `https://` with `WC_defaulthost_secure` false `http://` with `WC_defaulthost`
`com.ibm.bpm.endpoint.impl.strategies. CurrentJVMInsecureStrategy`	This strategy returns a URL with insecure HTTPS protocol, the current Application Server JVM host name, and `WC_defaulthost` port.
`com.ibm.bpm.endpoint.impl.strategies. CurrentJVMSecureStrategy`	This strategy returns a URL with secure HTTPS protocol, the current Application Server JVM host name, and `WC_defaulthost_secure` port.
`com.ibm.bpm.endpoint.impl.strategies. HttpProtocolHostStrategy`	This strategy attempts to extract the protocol, host, and port number information from the host header.
`com.ibm.bpm.endpoint.impl.strategies. RelativeUrlStrategy`	This strategy does not use host and port information.
`com.ibm.bpm.endpoint.impl.strategies. TeamworksWebappPrefixLegacyStrategy`	This strategy is for certain legacy paths such as the `/exposed` REST API and the `/task/clientSettings` REST API. The strategy searches for a `BPMURL` object that has the `scenario` attribute that is set to the value `COMMON_TEAMWORKS_WEBAPP_PREFIX`, and then uses the associated `BPMVirtualHostInfo` object.
`com.ibm.bpm.endpoint.impl.strategies. WCCMConfigStrategy`	This strategy uses static information from a `BPMVirtualHostInfo` object. The `virtualHost` property of the `BPMURL` object for the strategy identifies which virtual host information is used.
`com.ibm.bpm.endpoint.impl.strategies. WebsphereProxyHeaderStrategy`	If you use a WebSphere proxy, this strategy attempts to extract the protocol, host, and port number information from the header that is added by the WebSphere proxy. Note that this strategy actually mimics legacy behavior, for example, of the exposed items REST API. The following headers will be looked for: $WSSC Websphere scheme, or protocol $WSRA WebSphere remote IP address $WSRH WebSphere remote host Via The port will be derived from this header. If present, the URL will be constructed using the scheme, then the remote host (if present) or the remote IP address, and then a colon and the port derived from the "Via" header (if present): `<$WSSC>://<$WSRH \| $WSRA>[:<port>]`.
`com.ibm.bpm.endpoint.impl.strategies. XForwardedHeaderDefaultHttpsStrategy`	This strategy will read HTTP request header `X-Forwarded-Host` to construct a URL using the secure HTTPS protocol. No port information is expected, but it could be concatenated to the host name in `X-Forwarded-Host`. If the header has multiple values, the first one will be used.
`com.ibm.bpm.endpoint.impl.strategies. XForwardedHeaderDefaultHttpStrategy`	This strategy will read HTTP request header `X-Forwarded-Host` to construct a URL using the insecure HTTP protocol. No port information is expected, but it could be concatenated to the hostname in `X-Forwarded-Host`. If the header has multiple values, the first one will be used.
`com.ibm.bpm.endpoint.impl.strategies. XForwardedHeaderStrategy`	This strategy will read HTTP request headers `X-Forwarded-Host` and `X-Forwarded-Protocol` to construct a URL. No port information is expected, but it could be concatenated to the hostname in `X-Forwarded-Host`. If any of the headers has multiple values, the first one will be used.

Connect to the wsadmin client by entering the following command: For Windows operating system

wsadmin.bat -conntype NONE -lang jython

wsadmin.sh -conntype NONE -lang jython

For each deployment environment that requires changes to the default scenarios, perform the following actions.
Remember: Because the default scenario objects always exist in each deployment environment configuration, you never need to create them.
1. Get and display your deployment environment object. Substituting your cell name for cell_name, complete the following actions.
  - If you have only one deployment environment, enter the following commands at the wsadmin prompt:
```
dePath='/Cell:cell_name/BPMCellConfigExtension:/BPMDeploymentEnvironment:/'
de=AdminConfig.getid(dePath)
de
```
  - If you have multiple deployment environments, and you want to modify the endpoints for the deployment environment named deployment_env_name, enter the following commands at the wsadmin prompt:
```
dePath='/Cell:cell_name/BPMCellConfigExtension:/BPMDeploymentEnvironment:deployment_env_name/'
de=AdminConfig.getid(dePath)
de
```
2. Create a BPMVirtualHostInfo object for the deployment environment deployment_env_name, and keep a wsadmin variable pointer to it for any scenarios that must point to it.
```
default_vh=AdminConfig.create('BPMVirtualHostInfo',de,
                            [['name','vh_deployment_env_name'],
                             ['transportProtocol','https'],
                             ['hostname','example.com'],
                             ['port','443'],
                             ['uriPrefix','']],
                             'virtualHosts')
```
  If you want to use an existing BPMVirtualHostInfo object, get a wsadmin variable pointer to it and modify it as necessary. For example, to modify the BPMVirtualHostInfo object named internal_vh:
```
internal_vh = AdminConfig.getid(dePath + "BPMVirtualHostInfo:%s" % ('internal_vh'))
AdminConfig.modify(internal_vh, [ [ 'hostname', 'internal2.example.com' ], [ 'port', '8443' ] ] )
```
  To remove an existing BPMVirtualHostInfo object, get a wsadmin variable pointer to it and enter the following command at the wsadmin prompt:
```
AdminConfig.remove(internal_vh)
```
3. You can set the default virtual host attribute (defaultVH) for the deployment environment to point to the new BPMVirtualHostInfo object, which is pointed to by the wsadmin variable default_vh. This will ensure that all scenarios that do not return a specific protocol, host, port and context-root combination will default to information provided in the BPMVirtualHostInfo object.
```
AdminConfig.modify(de,[['defaultVH',default_vh]])
```
4. For each default scenario that you want to modify for the deployment environment deployment_env_name:
  1. Identify the scenario to modify by entering one of the following commands:
    - scenario='EXTERNAL_CLIENT'
    - scenario='INTERNAL_CLIENT'
    - scenario='RELATIVE'
    Remember: Because the default scenarios that are listed in Table 1 are always defined, you do not need to create them.
  2. Get and display the BPMURL object for the scenario, scenario, by entering the following commands:
```
bpmurlsid=AdminConfig.getid(dePath+'BPMURLS:/')
bpmurllist=AdminUtilities.convertToList(AdminConfig.list("BPMURL", bpmurlsid))
for item in bpmurllist :
  if AdminConfig.showAttribute(item,'scenario')==scenario : bpmurl=item

print bpmurl
```
    Important: Because Jython relies on indentation to identify the contents of a loop, the space character before the if statement is required, and pressing enter twice is necessary to execute the loop.
  3. Set the scenario by performing one of the following actions:
    1. If you decided to use a virtual host object, modify the BPMURL object for the scenario, scenario, to set the virtualHost pointer to the new BPMVirtualHostInfo object, default_vh.
```
AdminConfig.modify(bpmurl,[['virtualHost',default_vh]])
```
      Important: If it is not appropriate to use the default virtual host information, create a new one, and set the pointer to that one. For example:
      internal_vh=AdminConfig.create('BPMVirtualHostInfo',de, [['name','vh_deployment_env_name'], ['transportProtocol','https'], ['hostname','internal.example.com'], ['port','443'], ['uriPrefix','']], 'virtualHosts') AdminConfig.modify(bpmurl,[['virtualHost',internal_vh]])
    2. If you decided to use a fixed URL, set the url attribute on the BPMURL object for the scenario, scenario. For example, to set the URL https://webserver.example.com:443, enter the following command:
```
AdminConfig.modify(bpmurl,[['url','https://webserver.example.com:443']])
```
    3. If you decided to use dynamic predefined strategies to extract the host information, modify the BPMURL object for the scenario, scenario to set the strategies property. For example, to set the bpmurl object to use the WebsphereProxyHeaderStrategy, XForwardedHeaderStrategy, and HttpProtocolHostStrategy' strategies, enter the following command:
```
AdminConfig.modify(bpmurl,
          [['strategies',
            'com.ibm.bpm.endpoint.impl.strategies.WebsphereProxyHeaderStrategy, 
             com.ibm.bpm.endpoint.impl.strategies.XForwardedHeaderStrategy, 
             com.ibm.bpm.endpoint.impl.strategies.HttpProtocolHostStrategy']])
```
  4. Save your changes.
```
AdminConfig.save()
```

If you have a complex topology or multiple deployment environments, you might need to create scenario objects for specific types of generated URLs.

Optional: Test IBM BPM clients, generated links, and functionality that you suspect might not work correctly with the default scenario settings in your topology.

For each deployment environment, use Table 3 to identify any scenarios for types of generated URLs that cannot be handled correctly by the default scenarios. Focus on any clients or types of links that do not work correctly. For example, because there is one remote artifact loader per deployment environment, you must define the REMOTE_AL scenario for each deployment environment to direct appropriately to https://hostname:port/RemoteAL/, where RemoteAL is specified as a uriPrefix. For each scenario key, decide whether the scenario will use a fixed URL, a fixed virtual host object, or a list of dynamic strategies to resolve the endpoint information.

Table 3. Optional scenario keys for generated URLs
Optional `BPMURL` scenario keys	Which default scenario objects is used if the optional scenario object is not set (`EXTERNAL_CLIENT`, `INTERNAL_CLIENT`, or `RELATIVE`)	Notes
`AE_BPM_REST_SERVICE_CR_PREFIX`	`EXTERNAL_CLIENT`	Configures the URLs that are used in the Process Designer authoring environment to contact the IBM BPM REST API service.
`AE_IMAGES_PREFIX`	`EXTERNAL_CLIENT`	Configures the URLs that are used in the Process Designer authoring environment to get images.
`AE_PORTAL_PREFIX`	`EXTERNAL_CLIENT`	Configures the URLs that are used in the Process Designer authoring environment to reach Process Portal.
`AE_REPOSITORY_PREFIX`	`EXTERNAL_CLIENT`	Configures the URLs that are used in the Process Designer authoring environment to reach the repository.
`AE_REST_GATEWAY_CR_PREFIX`	`EXTERNAL_CLIENT`	Configures the URLs that are used in the Process Designer authoring environment to reach the REST Services Gateway.
`AE_SERVLET_PREFIX`	`EXTERNAL_CLIENT`	Configures the URLs that are used in the Process Designer. This scenario must specify an absolute URL by setting the `url` property. The purpose of this scenario key is so that you can add your own target to the whitelist of targets to which Process Portal can redirect browsers to access dashboards. For security reasons, redirection to arbitrary targets is not allowed. IBM BPM enforces the following whitelist for allowable redirect targets. `localhost` `127.0.0.1` The host that is identified by the `AE_SERVLET_PREFIX` scenario's `url` attribute, which must be specified as an absolute URL. The host that is identified by the `PROCESS_PORTAL_DASHBOARD_REDIRECT_ADDITIONAL_WHITELISTED` scenario.
`AE_WEBAPI_PREFIX`	`EXTERNAL_CLIENT`	Configures the URLs that are used in the Process Designer authoring environment to reach the web API.
`AE_WEB_PD_PREFIX`	`EXTERNAL_CLIENT`	Configures the URLs that are used in the Process Designer authoring environment to reach Web based Process Designer.
`AE_SOCIALBUS_WEBAPP_PREFIX`	`EXTERNAL_CLIENT`	Configures the URLs that are used in the Process Designer authoring environment to reach the social bus web application.
`BPM_HELP`	`RELATIVE` and `EXTERNAL_CLIENT`	Configures the URLs generated to access the product help information in the BPMHelp.war file. If there is an active user, for example using a browser, the `RELATIVE` default is used, otherwise, if there is no active user, such as for a link in an email, the `EXTERNAL_CLIENT` default is used.
`BPM_REST`	`RELATIVE`	Configures the URLs generated to access the REST APIs.
`COACHGENERATION_TEAMWORKS_JS`	`RELATIVE`	Configures the URLs that are used in JavaScript variables in coaches to reach the `IBM_BPM_Teamworks` application.
`COACHGENERATION_BPMREST_JS`	`RELATIVE`	Configures the URLs that are used in JavaScript variables in coaches to reach the REST API.
`COACHGENERATION_PROCESSPORTALSUPPORT_JS`	`RELATIVE`	Configures the URLs that are used in JavaScript variables in coaches to reach the Process Portal supporting application.
`COACHGENERATION_SOCIALBUSWEB_JS`	`RELATIVE`	Configures the URLs that are used in JavaScript variables in coaches to reach the Process Portal notification application.
`COACHGENERATION_PROCESSPORTAL_JS`	`RELATIVE`	Configures the URLs that are used in JavaScript variables in coaches to reach the Process Portal application.
`COACHGENERATION_WEBVIEWER_JS`	`RELATIVE`	Configures the URLs that are used in JavaScript variables in coaches to reach the webviewer application.
`COACHGENERATION_AJAX_SERVLET`	`RELATIVE`	Configures the URLs that are used in JavaScript variables in coaches to reach Ajax services.
`COMMON_COACH_DESIGNER_XSL_URL`	`EXTERNAL_CLIENT`
`COMMON_PORTAL_PREFIX`	`EXTERNAL_CLIENT`
`COMMON_PROCESS_ADMIN_PREFIX`	`EXTERNAL_CLIENT`
`COMMON_TEAMWORKS_WEBAPP_PREFIX`	`EXTERNAL_CLIENT`	Is used to point to the `BPMVirtualHostInfo` object that is used by the `TeamworksWebappPrefixLegacyStrategy` strategy. For more information about this strategy, see Table 2.
`COMMON_WEBSERVICES_BASE_URL`	`EXTERNAL_CLIENT`
`EXPOSED_ITEMS`	`EXTERNAL_CLIENT`	Configures generated URLS for items that are exposed, such as favorites. By default it uses the `XForwardedHeaderStrategy` strategy.
`HEARTBEAT_DESIGNATED_DEPLOYMENT_ENDPOINT`	`INTERNAL_CLIENT`	Configures the URL that is used by Process Center to deploy applications to Process Server. The endpoint must resolve to the teamworks.war web module in the `IBM_BPM_Teamworks` application.
`IBM_BPM_DOCUMENTSTORE_CMIS_WEBSERVICE`	`INTERNAL_CLIENT`	Configures how the `EmbeddedECM` finds the CMIS web service.
`LSW_SERVLET`	`EXTERNAL_CLIENT`	Used by the LSW servlet. By default, it uses the following strategies: `WCCMConfigStrategy`, `XForwardedHeaderStrategy`, and `HttpProtocolHostStrategy`.
`NAVIGATION_UTILITY_TO_TEAMWORKS_HTML`	`RELATIVE`	Configures the navigation URLs that are generated in the utility module. These URLs are used by Process Portal.
`NAVIGATION_UTILITY_TO_TEAMWORKS_JSON`	`RELATIVE`	Configures the URLs in the navigation tree of the Server Admin tab of the Process Admin Console.
`PROCESSADMIN_TO_TEAMWORKS`	`RELATIVE`	Configures the URLs that are used from Process Admin Console to reach the `IBM_BPM_Teamworks` application.
`PROCESS_CENTER`	`EXTERNAL_CLIENT`	Configures URLs to Process Center.
`PROCESS_CENTER_RELATIVE`	`RELATIVE`	Configures URLs that are relative to the Process Center.
`PROCESSCENTER_TO_PROCESSADMIN`	`EXTERNAL_CLIENT`	Configures the URL that is used by the Process Center console to open the Process Admin Console of the online Process Server.
`PROCESS_PORTAL`	`RELATIVE` and `EXTERNAL_CLIENT`	Configures URLs to Process Portal. If there is an active user, for example using a browser, the `RELATIVE` default is used, otherwise, if there is no active user, such as for a link in an email, the `EXTERNAL_CLIENT` default is used.
`PROCESS_PORTAL_DASHBOARD_REDIRECT_ADDITIONAL_WHITELISTED`	`EXTERNAL_CLIENT`	The purpose of this scenario key is so that you can add your own target to the whitelist of targets to which Process Portal can redirect browsers to access dashboards. For security reasons, redirection to arbitrary targets is not allowed. IBM BPM enforces the following whitelist for allowable redirect targets. `localhost` `127.0.0.1` The host that is identified by the `AE_SERVLET_PREFIX` scenario's `url` attribute, which must be specified as an absolute URL. The host that is identified by the `PROCESS_PORTAL_DASHBOARD_REDIRECT_ADDITIONAL_WHITELISTED` scenario.
`PROCESS_PORTAL_JS`	`RELATIVE`	Configures URLs to Process Portal. You must set this scenario key in the following cases: Tivoli® Access Manager WebSEAL is configured in the IBM BPM topology. If Lotus Sametime is configured in the IBM BPM topology, set this scenario to use the `com.ibm.bpm.endpoint.impl.strategies.WCCMConfigStrategy`strategy and set the `virtualHost` property to point to the virtual host information object for the Process Portal server. If the `PROCESS_PORTAL` scenario key is configured for some other environment that is not related to WebSEAL or Sametime, then the `PROCESS_PORTAL_JS` scenario key must match the setting for the `PROCESS_PORTAL` scenario key.
`PROCESS_PORTAL_SUPPORT`	`RELATIVE` and `EXTERNAL_CLIENT`	Configures URLs to Process Portal support. If there is an active user, for example using a browser, the `RELATIVE` default is used, otherwise, if there is no active user, such as for a link in an email, the `EXTERNAL_CLIENT` default is used.
`PROCESS_PORTAL_SUPPORT_TO_BPM_HELP`		Configures URLs that are from Process Portal support to BPM help.
`PROCESS_PORTAL_SUPPORT_TO_PROCESS_PORTAL`		Configures URLs that are from Process Portal support to Process Portal.
`PROCESS_PORTAL_SUPPORT_TO_TEAMWORKS` and `PROCESS_PORTAL_SUPPORT_TO_TEAMWORKS_JS`		Configures URLs that are from Process Portal support to the Teamworks web archive WAR file. Important: If you use Tivoli Access Manager WebSEAL, the scenario key ending with `_JS` must be configured to include the WebSEAL junction name so that URLs that are generated in JavaScript are handled correctly. If you do not use Tivoli Access Manager WebSEAL, both scenario keys must be set identically.
`PROCESS_PORTAL_TO_BPM_HELP` and `PROCESS_PORTAL_TO_BPM_HELP_JS`	`RELATIVE`	Configures the links in Process Portal that point to the product help information in the BPM_HELP.war file. Important: If you use Tivoli Access Manager WebSEAL, the scenario key ending with `_JS` must be configured to include the WebSEAL junction name so that URLs that are generated in JavaScript are handled correctly. If you do not use Tivoli Access Manager WebSEAL, both scenario keys must be set identically.
`PROCESS_PORTAL_TO_BPM_REST` and `PROCESS_PORTAL_TO_BPM_REST_JS`	`RELATIVE`	Configures URLs that are from Process Portal to the IBM BPM REST API. Important: If you use Tivoli Access Manager WebSEAL, the scenario key ending with `_JS` must be configured to include the WebSEAL junction name so that URLs that are generated in JavaScript are handled correctly. If you do not use Tivoli Access Manager WebSEAL, both scenario keys must be set identically.
`PROCESS_PORTAL_TO_BUSINESS_SPACE` and `PROCESS_PORTAL_TO_BUSINESS_SPACE_JS`	`RELATIVE`	Configures URLs that are from Process Portal to Business Space. Important: If you use Tivoli Access Manager WebSEAL, the scenario key ending with `_JS` must be configured to include the WebSEAL junction name so that URLs that are generated in JavaScript are handled correctly. If you do not use Tivoli Access Manager WebSEAL, both scenario keys must be set identically.
`PROCESS_PORTAL_TO_BUSINESS_SPACE_HELP` and `PROCESS_PORTAL_TO_BUSINESS_SPACE_HELP_JS`	`RELATIVE`	Configures URLs that are from Process Portal to Business Space help. Important: If you use Tivoli Access Manager WebSEAL, the scenario key ending with `_JS` must be configured to include the WebSEAL junction name so that URLs that are generated in JavaScript are handled correctly. If you do not use Tivoli Access Manager WebSEAL, both scenario keys must be set identically.
`PROCESS_PORTAL_TO_MASHUPS_RUNTIME` and `PROCESS_PORTAL_TO_MASHUPS_RUNTIME_JS`	`RELATIVE`	Configures URLs that are from Process Portal to mashups run time. Important: If you use Tivoli Access Manager WebSEAL, the scenario key ending with `_JS` must be configured to include the WebSEAL junction name so that URLs that are generated in JavaScript are handled correctly. If you do not use Tivoli Access Manager WebSEAL, both scenario keys must be set identically.
`PROCESS_PORTAL_TO_PROCESS_PORTAL_SUPPORT` and `PROCESS_PORTAL_TO_PROCESS_PORTAL_SUPPORT_JS`	`RELATIVE`	Configures URLs that are from Process Portal to Process Portal support. Important: If you use Tivoli Access Manager WebSEAL, the scenario key ending with `_JS` must be configured to include the WebSEAL junction name so that URLs that are generated in JavaScript are handled correctly. If you do not use Tivoli Access Manager WebSEAL, both scenario keys must be set identically.
`PROCESS_PORTAL_TO_SOCIAL_BUS_WEB` and `PROCESS_PORTAL_TO_SOCIAL_BUS_WEB_JS`	`RELATIVE`	Configures URLs that are from Process Portal to social bus web. Important: If you use Tivoli Access Manager WebSEAL, the scenario key ending with `_JS` must be configured to include the WebSEAL junction name so that URLs that are generated in JavaScript are handled correctly. If you do not use Tivoli Access Manager WebSEAL, both scenario keys must be set identically.
`PROCESS_PORTAL_TO_TEAMWORKS` and `PROCESS_PORTAL_TO_TEAMWORKS_JS`	`RELATIVE`	Configures URLs that are from Process Portal targeting the Teamworks web archive WAR file. Important: If you use Tivoli Access Manager WebSEAL, the scenario key ending with `_JS` must be configured to include the WebSEAL junction name so that URLs that are generated in JavaScript are handled correctly. If you do not use Tivoli Access Manager WebSEAL, both scenario keys must be set identically.
`PROCESS_PORTAL_TO_WEBAPI` and `PROCESS_PORTAL_TO_WEBAPI_JS`	`RELATIVE`	Configures URLs that are from Process Portal to the web API. Important: If you use Tivoli Access Manager WebSEAL, the scenario key ending with `_JS` must be configured to include the WebSEAL junction name so that URLs that are generated in JavaScript are handled correctly. If you do not use Tivoli Access Manager WebSEAL, both scenario keys must be set identically.
`PROCESS_PORTAL_TO_WEBVIEWER` and `PROCESS_PORTAL_TO_WEBVIEWER_JS`	`RELATIVE`	Configures URLs that are from Process Portal to the web viewer. Important: If you use Tivoli Access Manager WebSEAL, the scenario key ending with `_JS` must be configured to include the WebSEAL junction name so that URLs that are generated in JavaScript are handled correctly. If you do not use Tivoli Access Manager WebSEAL, both scenario keys must be set identically.
`REMOTE_AL`		Configures URLs to the remote artifact loader's Remote_AL_WEB.war file. There is one remote artifact loader per deployment environment, so if you have multiple deployment environments, you must define the `REMOTE_AL` scenario for each deployment environment to direct appropriately to `https://hostname:port/RemoteAL/`, where `RemoteAL` is specified as a required `uriPrefix`.
`SERVER_ACTIVITY_STREAM_IMAGE_LINK`	`EXTERNAL_CLIENT`	Configures the URL for the activity stream image, for example, `https://sureshb13:9443/ProcessPortal`. The path `/com/ibm/bpm/social/img/Bpm_connections_48x48.png` is appended to the value that you specify.
`SERVER_EMAIL_GADGET_LINK`	`EXTERNAL_CLIENT`	Configures the URL for the gadget XML file, for example `https://sureshb13:9443/ProcessPortal`. The path `/gadgets/OpenSocial/BPMOpenSocialGadget.xml` is appended to the value that you specify.
`SERVER_EMAIL_PORTAL_LINK`	`EXTERNAL_CLIENT`	Configures the URLs for links to Process Portal that are included in emails.
`SERVER_EMAIL_PORTAL_PROCESS_INFO_LINK`	`EXTERNAL_CLIENT`	Configures the URL for links to process information that are included in emails, for example `https://sureshb13:9443/ProcessPortal`. The path `/dashboards/TWP/Process+Performance?tw.local.selectedInstanceId={6}` is appended to the value that you specify.
`SERVER_EMAIL_PORTAL_RUN_TASK_LINK`	`EXTERNAL_CLIENT`	Configures the URLs for links (to run tasks) that are included in emails, for example `https://sureshb13:9443/ProcessPortal`. The path `/dashboards/TWP/BPM_WORK?tw.local.view=taskcompletion&tw.local.taskid={2}` is appended to the value that you specify.
`SERVER_EMAIL_TEMPLATE_CLIENT_LINK`	`EXTERNAL_CLIENT`	Configures the URLs for links (to the client template) that are included in emails.
`SERVER_TASK_NOTIFICATION_GADGET_LINK`	`EXTERNAL_CLIENT`
`SERVER_WEBIMAGES_PREFIX`	`EXTERNAL_CLIENT`
`SOCIAL_BUS_WEB`		Configures URLs to social bus web.
`TASK_REST_API`	`EXTERNAL_CLIENT`	Configures URLs used by the task REST API. By default it invokes the following strategies: `WCCMConfigStrategy`, `WebsphereProxyHeaderStrategy`, `XForwardedHeaderStrategy`, and `HttpProtocolHostStrategy`.
`TASK_TEMPLATE_REST_API`	`EXTERNAL_CLIENT`	Configures URLs used by the task template REST API. By default it invokes the following strategies: `WCCMConfigStrategy`, `WebsphereProxyHeaderStrategy`, `XForwardedHeaderStrategy`, and `HttpProtocolHostStrategy`.
`TEAMWORKS`	`RELATIVE`	Configures URLs to Teamworks.
`TEAMWORKS_TO_BUSINESSSPACE`	`RELATIVE`	Configures URLs in Teamworks to Business Space.
`TEAMWORKS_TO_MASHUPS_RUNTIME`	`RELATIVE`	Configures URLs in Teamworks to get data from mashups run time.
`TEAMWORKS_TO_PROCESS_PORTAL_SUPPORT`	`RELATIVE`	Configures URLs in Teamworks to Process Portal support.
`TEAMWORKS_TO_PROCESSADMIN`	`RELATIVE`	Configures URLs in Teamworks to get back to the Process Admin Console. For example, on the Process Admin welcome page this scenario key is used to generate the URL to the Process Status Summary widget.
`WEBVIEWER`	`RELATIVE` and `EXTERNAL_CLIENT`	Configures URLs to the web viewer. If there is an active user, for example using a browser, the `RELATIVE` default is used, otherwise, if there is no active user, such as for a link in an email, the `EXTERNAL_CLIENT` default is used.
`WEBPD`	`EXTERNAL_CLIENT`	Configures the URLs generated to access the Process Designer web editor in the web-pd.war file.
`WEBPD_TO_BPMREST`	`EXTERNAL_CLIENT`	Configures the URLs that are used in the Process Designer web editor to contact the IBM BPM REST API service.
`WEBPD_TO_BPMHELP`	`EXTERNAL_CLIENT`	Configures the URLs generated to access the product help information from the Process Designer web editor.
`WEBPD_TO_SOCIALBUS`	`EXTERNAL_CLIENT`	Configures the URLs that are used in Web based Process Designer to reach the Process Portal notification application.
`WEBPD_TO_TEAMWORKS`	`EXTERNAL_CLIENT`	Configures the URLs that are used in the Process Designer web editor targeting the Teamworks web archive WAR file.
`WEBPD_TO_COACHFLOW_RT`	`EXTERNAL_CLIENT`	Configures the URLs that are used in the Process Designer web editor targeting the coach flow web archive WAR file (bpm.coachflow.war).

If you identified any optional scenarios in Table 3 that must be configured, complete the following actions:
Remember: Because the optional scenario objects do not always exist in each deployment environment configuration, you might need to create them.
1. For each deployment environment that requires changes to the optional scenarios, perform the following actions.
  1. Get and display your deployment environment object. Substituting your cell name for cell_name, complete the following actions.
    - If you have only one deployment environment, enter the following commands at the wsadmin prompt:
```
dePath='/Cell:cell_name/BPMCellConfigExtension:/BPMDeploymentEnvironment:/'
de=AdminConfig.getid(dePath)
de
```
    - If you have multiple deployment environments, and you want to modify the endpoints for the deployment environment named deployment_env_name, enter the following commands at the wsadmin prompt:
```
dePath='/Cell:cell_name/BPMCellConfigExtension:/BPMDeploymentEnvironment:deployment_env_name/'
de=AdminConfig.getid(dePath)
de
```
  2. For each optional scenario, SCENARIO_KEY that you want to modify:
    1. Identify the scenario by entering the following command:
```
scenario='SCENARIO_KEY'
```
      Remember: Replace SCENARIO_KEY with the appropriate scenario key value from Table 3.
    2. If you cannot use the default virtual host information object, default_vh, for the deployment environment create a new virtual host object, vh_N. For example, if the virtual host is https://webserver.example.com:443, with no URI prefix, enter the following command:
```
vh_N=AdminConfig.create('BPMVirtualHostInfo',de,
                                      [['name','vh_N'],
                                       ['transportProtocol','https'],
                                       ['hostname','webserver.example.com'],
                                       ['port','443'],
                                       ['uriPrefix','']],
                                      'virtualHosts')
```
    3. Check whether the BPMURL object for the scenario is already defined, by entering the following commands:
```
dePath='/BPMCellConfigExtension:/BPMDeploymentEnvironment:/'
bpmurlsid=AdminConfig.getid(dePath+'BPMURLS:/')               
bpmurllist=AdminUtilities.convertToList(AdminConfig.list("BPMURL", bpmurlsid))      
bpmurl=None                                                     
for item in bpmurllist :                                      
  if AdminConfig.showAttribute(item,'scenario')==scenario : bpmurl=item    

print bpmurl        
```
      Important: Because Jython relies on indentation to identify the contents of a loop, the space character before the if statement is required, and pressing enter twice is necessary to execute the loop.
      1. If '' is still shown as the result of the bpmurl command, the BPMURL object for the scenario does not exist. Create the BPMURL object and set the necessary properties by entering something similar to the following:
        bpmurlsPath=dePath+'BPMURLS:/' bpmurlsid=AdminConfig.getid(bpmurlsPath) bpmurl=AdminConfig.create('BPMURL',bpmurlsid, [['scenario',scenario], ['virtualHost',vh_N], ['strategies','com.ibm.bpm.endpoint.impl.strategies.XForwardedHeaderStrategy, com.ibm.bpm.endpoint.impl.strategies.WCCMConfigStrategy'], ['url','https://example.com:9444']])
        
        Important: If you set values for virtualHost and url, as is shown in the previous example, the url setting is used, and the virtualHost setting is ignored.
      2. If a BPMURL object for the scenario is already defined in the deployment environment, modify the existing object by completing one of the following actions:
        If you decided to use a virtual host object, modify the BPMURL object for the scenario, scenario to set the virtualHost pointer to the appropriate BPMVirtualHostInfo object. For example, if you created a suitable object that is pointed to by the wsadmin variable vh_N, enter the following command:
        AdminConfig.modify(bpmurl,[['virtualHost',vh_N]])
        
        Important: If values are set for virtualHost and url, the url setting is used and the virtualHost setting is ignored.
        
        If you decided to use a fixed URL, set the url attribute on the BPMURL object for the scenario, scenario. For example, to set the URL https://webserver.example.com:443, enter the following command:
        AdminConfig.modify(bpmurl,[['url','https://webserver.example.com:443']])
        
        If you decided to use dynamic predefined strategies to extract the host information, modify the BPMURL object for the scenario, scenario to set the strategies property. For example, to set the bpmurl object to use the WebsphereProxyHeaderStrategy, XForwardedHeaderStrategy, and HttpProtocolHostStrategy' strategies, enter the following command:
        AdminConfig.modify(bpmurl, [['strategies', 'com.ibm.bpm.endpoint.impl.strategies.WebsphereProxyHeaderStrategy, com.ibm.bpm.endpoint.impl.strategies.XForwardedHeaderStrategy, com.ibm.bpm.endpoint.impl.strategies.HttpProtocolHostStrategy']])
2. Save any changes.
```
AdminConfig.save()
```

Activate the new settings by performing a ripple start of your clusters.
Optional: Verify that the endpoints that you configured work as expected. Depending on which endpoints you configured, check that the clients that are affected by the endpoint changes are working correctly. For example, any changes to a scenario with a key that starts with the string PROCESS_PORTAL can be tested by using Process Portal from a browser. If there are any problems, check and correct the endpoint settings for URLs that are not working.

Results

All URLs that are generated by IBM BPM work correctly in your topology.