Knowledge Doc: [WebInspect] Login macro two-factor authentication step failing


Login macro is failing due to a two-factor authentication popup never displaying because the session is still active.

Fortify WebInspect

Fortify WebInspect

Steps for two-factor authentication that results in the two-factor popup not always being presented:

  1. Upon launching the browser and navigating to the site, the application checks for a unique device ID.
  2. If a unique device ID is not found, the application creates one and stores it in Local Storage.
  3. User is prompted to enter their username and password.
  4. If the device ID is new, the user is prompted with two-factor popup.
  5. If the device ID is not new, the login process is completed and the browser is directed to the home page.
  6. Steps 1, 2, 3, and 4 are repeated each time the user launches a new instance of the browser - the user is prompted with a popup.
  7. If the browser remains open and the user just re-authenticates, only step 5 is repeated - the user is logged in with username and password only.

The login macro expects the two-factor authentication popup on each playback, but because the browser instance is not closed, the device ID is still valid so the popup is not displayed. This causes the login macro to wait for the popup which is never presented and it will eventually give up and stop the scan.

Read Full Knowledge Base Article for Resolution. 

URL Name


Knowledge Docs
Comment List