I have setup IBM MobileFirst 7.0 with IBM HTTPServer. HTTPServer only listens for SSL traffic on 443 (no requests over http on port 80 are being processed). The plugin-cfg.xml is directing the /appcenterconsole URLs to the WebSphere Liberty server running the MobileFirst app.
At first, the App Center console loaded and I could login, but any calls to /appcenterconsole/services/* were getting a certificate chain error. I fixed this by adding the http server's certificate to the Liberty keystore. After executing this change, the behavior changed such that on login to App Center, the user immediately receives a 'Your session has expired' message and is sent back to the login page.
Why is my session getting lost? The HTTP server has a JSESIONID for requests to /appcenterconsole/*.
Can the HTTP plugin send the traffic over http to the Liberty server to avoid the SSL chain issue?
This looks like an SSO (Single Sign On) problem. There are two web application, AppCenterConsole and AppCenterServices, and both require authentication, hence they should be set up with SSO. It seems you reach the AppCenterConsole but not the AppCenterService.
Liberty has SSO by default, but if you are using multiple servers, ensure that you have followed the instructions Configuring LTPA on the Liberty profile in the Websphere Liberty Profile documentation.
Alternatively, you can set the JNDI property ibm.appcenter.ui.cors to false for the AppCenterConsole. This will avoid the redirection of requests from the AppCenterConsole to the AppCenterService. If it doesn't already fix the problem, then at least it will produce a better error message with a stack trace that points to the real problem.