After you deploy risk-based access, the runtime security services authorization service URL does not present a challenge for basic authentication.
When the challenge is not presented for basic authentication, it causes communication failure between the external authorization service (EAS) and runtime security services.
Resolving the problem
After you deploy risk-based access, you must configure WebSphere Application Server Quality of Protection (QoP) under SSL settings.
- To access these settings, on the WebSphere Application Server administrative console, go to SSL Certificate and Key Management > SSL Configurations > Node Default SSL Settings > Quality of Protection.
- Set Client Authentication to Supported.
- Set Protocol to SSL_TLS.
- On the WebSphere Application Server administrative console, go to Global Security > Web Security – General Settings.
- Ensure that the following option is selected: Default to basic authentication when certificate authentication for the HTTPS client fails.