Testing Authentication

Preliminary authentication testing verifies that the authentication object has been configured correctly, so you can catch configuration issues before running a scan.

To test your authentication object, click "Test authentication" at the bottom of the "Create authentication" dialog.

The application displays the test results in a separate Test results tab.

  • A valid authentication object returns three success messages indicated in the relevant Test results sections:
    • Test Authentication Triggers provides the test request and response data.
    • Authentication call (fillForm #) provides a screenshot of the form filled by the engine per stage.
    • Authentication call (submitForm #) provides a screenshot of the authenticated page as evidence of the successful login.
    • Authentication call (Page Interaction Result) provides a screenshot, request and response of the post-login URL as evidence of the successful login.
    • Access Protected Resource provides the test request and response data.

In this case, you can save the configured object and add it to your scans.

  • If the test results include a failure message, return to the object configuration and verify that it is correct. Use the test request/response data to find and fix the specific failure.

Note:

The Bright engine only supports Set-Cookie headers that are less than 4097 bytes. If a received header exceeds this limit, the engine ignores the header and does not include it in the request/response data. Exceeding the limit may also cause the authentication object to fail.
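To check a login response against this limit before testing the authentication object, the following added example (not Bright's own code) parses a raw HTTP response and reports the size of each Set-Cookie header. The function names and the sample response are constructed for illustration, and the code assumes the limit applies to the whole `Set-Cookie: value` line, which the note does not specify.

```python
# Added example: pre-check a login response against the Set-Cookie size limit.
LIMIT = 4097  # from the note: only headers of less than 4097 bytes are supported


def split_headers(raw_response: bytes):
    """Return (name, value) pairs from the header section of a raw HTTP response."""
    head = raw_response.split(b"\r\n\r\n", 1)[0]
    headers = []
    for line in head.split(b"\r\n")[1:]:  # [1:] skips the status line
        if line[:1] in (b" ", b"\t") and headers:
            # Obsolete folded continuation line: append to the previous header.
            name, value = headers[-1]
            headers[-1] = (name, value + b" " + line.strip())
            continue
        name, sep, value = line.partition(b":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers


def check_set_cookie(raw_response: bytes, limit: int = LIMIT):
    """Report the size of every Set-Cookie header and whether it is under the limit."""
    report = []
    for name, value in split_headers(raw_response):
        if name.lower() != b"set-cookie":
            continue
        # Assumption: the limit covers the whole "Set-Cookie: value" line.
        size = len(name) + len(b": ") + len(value)
        cookie = value.split(b"=", 1)[0].decode("latin-1")
        report.append({"cookie": cookie, "bytes": size, "ok": size < limit})
    return report


def sample_response() -> bytes:
    """Constructed login response: one small cookie, one oversized token cookie."""
    return (
        b"HTTP/1.1 302 Found\r\n"
        b"Location: /dashboard\r\n"
        b"Set-Cookie: sid=abc123; Path=/; HttpOnly; Secure\r\n"
        b"Set-Cookie: token=" + b"A" * 5000 + b"; Path=/; HttpOnly\r\n"
        b"Content-Length: 0\r\n\r\n"
    )


if __name__ == "__main__":
    for row in check_set_cookie(sample_response()):
        verdict = "ok" if row["ok"] else "over the limit, expect it to be ignored"
        print(f'{row["cookie"]}: {row["bytes"]} bytes, {verdict}')
```

A cookie flagged here is one to look for if the test request/response data is missing an expected session cookie.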