|Applies To||RSA Product Set: Identity Governance and Lifecycle|
RSA Product/Service Type: Appliance
RSA Version/Condition: 7.0.2
When logging in via an F5 Load Balancer, accessing a Workflow hangs, and the browser shows the following error (as per the Chrome developer console).
Mixed Content: The page at 'https://igl.rsa.com/aveksa/main?Oid=5751%3AWPDS&ReqType=GetPage&PageID=ChangeApprovalDefinitionPageData&ObjectClass=com.aveksa.gui.objects.workflow.GuiWorkflowProcessDefinition' was loaded over HTTPS, but requested an insecure stylesheet 'http://igl.rsa.com/aveksaWFArchitect/static/wp-architect/build/production/AppClientArchitect/classic/resources/wp-base/icons/style.css'. This request has been blocked; the content must be served over HTTPS
The server name in the HTTPS URL (that is, https://igl.rsa.com) will be different on your implementation of RSA Identity Governance and Lifecycle.
|Cause||The cause of the issue is documented in the following IBM Support Technote and F5 (Load Balancer) Knowledge article;|
|Resolution||Please work through the solution steps from the IBM Support Technote swg21221253 - Offloading SSL traffic causes improper redirects or links to HTTP.|
For your convenience, the IBM solution has been reproduced here.
Resolving the problem
The behavior of the WebSphere Application Server has been modified to help avoid the symptoms mentioned in the problem description. To take advantage of such behavior, you must update the external component handling the SSL connection as well as the WebSphere Application Server configuration as follows:
The name of the field that is added to the HTTP header is left to the discretion of the administrator of the external component handling SSL. WebSphere Application Server is simply going to look at this name in order to confirm that it matches the httpsIndicatorHeader value.
|Notes||This issue is related to article 000035501 - Unable to open any workflow on RSA Identity Governance & Lifecycle 7.0.2 or 7.1.0 when deployed in a clustered environment or on an application server with custom access ports, but differs in that this issue is due to a problem with the IBM WebSphere application server.|