In a test environment that uses an HTTP binding (as opposed to HTTPS), you must uncomment the InsecureTransport endpoint in the Web.config file of the OnBase Application Server.
In the Web.config file of Application Server, remove the comment tags (<!-- and -->) that enclose the following endpoint:
<endpoint name="InsecureTransport" address="" binding="basicHttpBinding" bindingConfiguration="InsecureCoreAccessTokenTransport" contract="Hyland.Common.Core.Security.ICoreAccessTokenServices" />