These docs are for v1.1.

Configuring Header Authentication

You can use the header authentication method if the login-protected resources within the application you want to scan require one or more static header authentication tokens, which are generated outside of Bright.

Note:

If a specified authentication token expires, the authentication object no longer lets Bright reach the authenticated resources of that target.

Related Link:

This topic describes only how to fill in the fields specific to header authentication (the Setup tab). For general steps, see Creating Authentication.

From the Authentication type dropdown list, select Header authentication, and then add the authentication Headers.

Field | Guidelines
--- | ---
Merge Strategy | Select whether the specified header must replace an existing header of the same name or be appended to it before each request is sent (for example, when adding authentication cookies).
Name | Select or enter the name of the header to be replaced or appended before each request is sent, for example, Authorization.
Value | Enter the header value.

  • You can add as many headers as you need by clicking + Add header at the bottom of the Headers section.
  • To delete a header, click the delete icon next to the corresponding header field.

Tip:

There are cases when MFA is required ONLY on the initial login from an IP address. This means that the scan IP can be validated once and no further MFA validations are required. In that case, identify which cookie records the completed MFA/2FA check and include a valid copy of that cookie as part of your authentication object.
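To make the two Merge Strategy options in the Headers table concrete, and to show why the MFA cookie from this tip is normally appended rather than replaced, here is an added example that models the merge step in Python. It is not Bright's own code; the strategy names "replace" and "append", the sample request and the token value are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Added example, not Bright's own code: a minimal model of the Merge Strategy
# options in the Headers table (replace vs. append), applied to one request.

@dataclass
class AuthHeader:
    name: str    # header name, e.g. "Authorization" or "Cookie"
    value: str   # static token generated outside the scanner
    merge: str   # "replace" or "append" (assumed spelling of the two strategies)

def _existing_key(headers: Dict[str, str], name: str) -> Optional[str]:
    """Header names are case-insensitive; return the stored key if present."""
    for key in headers:
        if key.lower() == name.lower():
            return key
    return None

def apply_auth_headers(request: Dict[str, str], auth: List[AuthHeader]) -> Dict[str, str]:
    """Return a copy of the request headers with every configured header merged in."""
    merged = dict(request)
    for h in auth:
        key = _existing_key(merged, h.name)
        if h.merge == "replace" or key is None:
            if key is not None:
                del merged[key]          # drop the application's own value
            merged[h.name] = h.value
        elif h.merge == "append":
            # Cookie pairs are separated by "; "; other list-valued headers use ", ".
            sep = "; " if h.name.lower() == "cookie" else ", "
            merged[key] = f"{merged[key]}{sep}{h.value}"
        else:
            raise ValueError(f"unknown merge strategy: {h.merge!r}")
    return merged

# Constructed sample: the target already set a session cookie and a stale
# Authorization header; the authentication object supplies a fresh token and
# the cookie that records a completed MFA check (see the Tip above).
SAMPLE_REQUEST = {"Cookie": "session=abc123", "authorization": "Bearer expired"}
AUTH_OBJECT = [
    AuthHeader("Authorization", "Bearer <STATIC_TOKEN_PLACEHOLDER>", "replace"),
    AuthHeader("Cookie", "mfa_verified=1", "append"),
]

def demo() -> Dict[str, str]:
    """Merge the constructed authentication object into the sample request."""
    return apply_auth_headers(SAMPLE_REQUEST, AUTH_OBJECT)
```

Calling demo() yields a single Authorization header carrying the new token and a Cookie header of "session=abc123; mfa_verified=1"; configuring the Cookie entry with "replace" instead would discard the application's session cookie.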

Note:

Bright allows testing an authentication object before saving it. For details, see Testing Authentication.