IBFA In HTTPS Will Not Prompt Authentification (Doc ID 2254520.1)

Last updated on APRIL 12, 2017

Applies to:

Oracle Insurance Insbridge Rating and Underwriting - Version 5.2.0.0.0 and later
Information in this document applies to any platform.

Symptoms

On : Insbridge 5.2.0.0.0 version, Framework Administrator IBFA

ACTUAL BEHAVIOR
---------------
IBFA in https will not prompt authentification

We've enabled SSL in IIS8.5 and set the IBFA authentication to enable just "Windows authentication" which should prompt users for another authentication when attempting to access IBFA in order to have audit logs recording any change and manipulation.

Although this works in HTTP, we have disabled the unsecure protocol and only left HTTPS. When a user logs in from a workstation, the user is prompted to login to the Insbridge portal and when the user logs on IBFA which is set in HTTPS the user goes straight through and is not prompted to enter credentials again like it is the case with HTTP.

EXPECTED BEHAVIOR
-----------------------
User should have to enter credentials to enter IBFA

BUSINESS IMPACT
-----------------------
The issue has the following business impact:
Due to this issue, users are able to log into IBFA without entering credentials.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms