Configuring Header Authentication

You can use the header authentication method if the login-protected resources within the application you want to scan require one or more static header authentication tokens, which are generated outside of Bright.

📘

Note

If a specified authentication token expires, the authentication object no longer lets Bright reach the authenticated resources of that target.

📘

Note

This topic describes only how to fill in the fields specific to header authentication (the Setup tab). For general steps, see Creating Authentication.

From the Authentication type drop-down list, select Header authentication, and then add the authentication Headers.

| Field | Guidelines |
|---|---|
| Merge Strategy | Select whether the specified header (for example, authentication cookies) must be replaced or appended before each request is sent. |
| Name | Select an additional header to be replaced or appended before each request is sent, for example, Authorization. |
| Value | Enter the header value. |

  • You can add as many headers as you need by clicking + Add header at the bottom of the Headers section.
  • To delete a header, click next to the corresponding header field.
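
Because an expired token stops the authentication object from reaching authenticated resources, it is worth checking a token's lifetime before entering it as a header value. The following Python script is an added example, not part of Bright's documentation or tooling. It assumes the token is a JWT with a standard `exp` claim; the function names, the sample tokens and the four-hour scan window are constructed for illustration.

```python
import base64
import json
import time


def make_sample_jwt(exp):
    """Build a constructed sample token for the demo (placeholder signature, not a real credential)."""
    parts = [base64.urlsafe_b64encode(json.dumps(p).encode()).rstrip(b"=").decode()
             for p in ({"alg": "HS256", "typ": "JWT"}, {"sub": "scanner", "exp": exp})]
    return ".".join(parts + ["c2lnbmF0dXJl"])


def jwt_expiry(header_value):
    """Return the `exp` claim (Unix seconds) of a JWT carried in a header value, or None."""
    token = header_value.strip()
    if token.lower().startswith("bearer "):
        token = token[7:].strip()
    parts = token.split(".")
    if len(parts) != 3:
        return None  # opaque token or API key: expiry cannot be read locally
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    return exp if isinstance(exp, (int, float)) and not isinstance(exp, bool) else None


def check_token(header_value, scan_seconds, now=None):
    """Classify a header value against the planned scan window (reads the claim only, no signature check)."""
    now = time.time() if now is None else now
    exp = jwt_expiry(header_value)
    if exp is None:
        return "unknown"
    if exp <= now:
        return "expired"
    if exp < now + scan_seconds:
        return "expires-during-scan"
    return "ok"


if __name__ == "__main__":
    NOW = 1_700_000_000  # constructed clock value so the demo is reproducible
    for label, exp in [("long-lived", NOW + 86400), ("short-lived", NOW + 600), ("stale", NOW - 60)]:
        value = "Bearer " + make_sample_jwt(exp)
        print(label, check_token(value, scan_seconds=4 * 3600, now=NOW))
```

A result of `unknown` means the value is not a readable JWT, so its lifetime has to be confirmed with whoever issued it.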

👍

Tip

There are cases when MFA is required ONLY on the initial login from an IP address. This means that our scan IP can be validated once and will not require any further MFA validations. In that case, identify which cookie supports the completed MFA/2FA and include a valid cookie as part of your authentication object.

📘

Note

Bright allows testing a scan before saving it. For details, see Testing Authentication.

