Testing Authentication
Testing an authentication object before you use it verifies that the object is configured correctly, so you can catch configuration issues before running a scan.
To test your authentication object, click "Test authentication" at the bottom of the "Create authentication" dialog.
The application displays the test results in a separate Test results tab.
- A valid authentication object returns three success messages indicated in the relevant Test results sections:
  - Test Authentication Triggers provides the test request and response data.
  - Authentication call (fillForm #) provides a screenshot of the form filled by the engine per stage.
  - Authentication call (submitForm #) provides a screenshot of the authenticated page as evidence of the successful login.
  - Authentication call (Page Interaction Result) provides a screenshot, request and response of the post-login URL as evidence of the successful login.
  - Access Protected Resource provides the test request and response data.

  In this case, you can save the configured object and add it to your scans.
- If the test results include a failure message, return to the object configurations and verify their correctness. Use the test request/response data to find and fix a specific failure.
Note:
The Bright engine only supports set-cookie headers that are less than 4097 bytes. If the received header exceeds this limit, the engine ignores the header and does not include it in the request/response data. Exceeding the limit may also cause the authentication object to fail.
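
A pre-flight check for the limit described in the note, as an added example that is not part of Bright's documentation or tooling: it scans a raw HTTP response (for example, one captured through a proxy during login) and reports every set-cookie header of 4097 bytes or more. The function name and the sample response are constructed, and measuring the whole header line (name plus value) is an assumption, since the note does not say how the size is counted.

```python
# Added example: flag set-cookie headers at or over the 4097-byte limit.
LIMIT = 4097  # from the note: supported headers are less than 4097 bytes


def oversized_set_cookies(raw_response: bytes, limit: int = LIMIT):
    """Return [(cookie_name, size)] for set-cookie headers the engine would ignore.

    Assumption: size is the byte length of the whole header line
    ("set-cookie: name=value; attrs"), excluding the trailing CRLF.
    """
    text = raw_response.replace(b"\r\n", b"\n")
    head = text.split(b"\n\n", 1)[0]          # headers only, drop the body
    findings = []
    for line in head.split(b"\n")[1:]:        # skip the status line
        name, sep, value = line.partition(b":")
        if not sep or name.strip().lower() != b"set-cookie":
            continue
        if len(line) >= limit:
            cookie = value.strip().split(b"=", 1)[0].decode("latin-1")
            findings.append((cookie, len(line)))
    return findings


# Constructed sample: a login response with one small and one oversized cookie.
BIG_COOKIE = b"Set-Cookie: token=" + b"A" * 4090 + b"; Path=/; HttpOnly"
SAMPLE_RESPONSE = b"\r\n".join([
    b"HTTP/1.1 302 Found",
    b"Location: /dashboard",
    b"Set-Cookie: sid=abc123; Path=/; HttpOnly",
    BIG_COOKIE,
    b"Content-Length: 0",
    b"", b"",
])

if __name__ == "__main__":
    for cookie, size in oversized_set_cookies(SAMPLE_RESPONSE):
        print(f"set-cookie '{cookie}' is {size} bytes (limit: < {LIMIT})")
```

A cookie reported here is a likely cause when the Test results tab shows a failure but the set-cookie header is missing from the request/response data.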