Contributor.. Deepti Ghai Contributor..
Contributor..
1294 views

How to run scan on Azure AD using Web Inspect Enterprise?

Hello Team,

We are not able to run scans on applications using Azure AD mechanism.

Actually, application is not able to login even after providing credentials. It gets stuck on asking for Username and Password. 
We are using WebInspect Enterprise Version 17.20. 322.0 .

Please suggest the solution for the same.

 

Thanks & Regards,

Deepti Ghai

 

 

Labels (2)
0 Likes
4 Replies
Raphael Hagi Super Contributor.
Super Contributor.

Re: How to run scan on Azure AD using Web Inspect Enterprise?

How do you do the login process? 


Data, or do not.
0 Likes
Contributor.. Deepti Ghai Contributor..
Contributor..

Re: How to run scan on Azure AD using Web Inspect Enterprise?

We are trying to login using both methods, i.e. Application Authentication ( creating a login macro) and Network Authentication.

Data is there in the application. 

Please suggest if any other possible solution is required for the same.

0 Likes
Raphael Hagi Super Contributor.
Super Contributor.

Re: How to run scan on Azure AD using Web Inspect Enterprise?

Hello,

For authentication using your application, there is some sessionID cookie or similar? Maybe this cookies are required for requests after the login process, check this thread: https://community.microfocus.com/t5/Fortify-User-Discussions/How-to-create-a-login-macro-with-the-cookies-JSESSIONID-and/td-p/1791027

 


Data, or do not.
0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: How to run scan on Azure AD using Web Inspect Enterprise?

Can you provide details precisely on how the authentication works normally and what is failing in your Login Macro?  for trouble-shooting this, I would leave the Scan wizard and instead focus on using the Login Macro Recorder tool ("LMR") directly, since it affords more information and details for this work.  Additionally, you can run the LMR tool through an instance of Web Proxy (or any intercept proxy) to monitor the traffic directly.

For instance, is the Replay of the macro failing to Locate the username and/or password fields?  This may require you adjust how the Object Location works for those particular recorded sessions.

Another useful data set is to run your browser through an intercept proxy, and record the "normal" process of logging in and then logging out.  I would add some delay or extraneous sessions between the Log On and the Log Out, to make it simpler to differentiate between the two processes in your review.

 

Both of these sets of proxy recordings can be indispensable to Fortify Support (https://softwaresupport.softwaregrp.com) should you need additional assistance reviewing the issue.

 

For self-help, there are a host or similar articles on the user forums, Tagged with "login_macro" or perhaps "login_macro_recorder".


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.