Absent Member.

WebInspect with CAC Enabled application

Has anyone used the new feature in WebInspect for CAC authentication into an application? How did you get it to work?

Micro Focus Expert

I had recorded an internal-only developer class on this new feature, so let me try to convey this.

At the start when loading the site in the Guided Scan wizard, the user should get the prompt to select their certificate.  This assumes that loading that page is what triggers the cert request, and that the user already has their CAC cert listed in the Windows cert store for them to select.  WebInspect will only be able to browse these sections of the Windows cert store:  Local Machine and Current User.

The certificate selection window will include a sub-entry area where the user can enter and Test the PIN needed to unlock the selected certificate.  If the highlighted cert does not require this, then that sub-area is not shown.  Once entered and selected, WebInspect will use that PIN as needed to access that cert throughout the scan.

If you prefer to use the Basic Scan Wizard, or to pre-set the scan details (Default Scan Settings), open the Scan Settings dialog (lower left corner of Basic Scan wizard), and go to the Authentication panel.  Enable the box for "Client Certificate", then press the Select button and go through the same selection window and PIN Test as described above.


For scanning SOAP-based web services, you would find this same cert selection dialog by opening the Web Services Scan wizard > open the Web Service Designer tool (Design button) > Settings menu > Network Authentication panel > "Client Certificate" button.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
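
A pre-flight check for the prerequisite named in the reply above (the CAC certificate must already be listed in the Windows certificate store under Current User or Local Machine), as an added example that is not from the original post or from WebInspect. It assumes the certificate sits in the Personal (`My`) store of those two locations; the function name `Get-ClientAuthCandidate` is hypothetical.

```powershell
# Added example: lists certificates that could serve as a TLS client certificate.
# Assumption: the CAC certificate is in the Personal ("My") store of Current User
# or Local Machine, the two locations the reply names.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth (Client Authentication EKU)

function Get-ClientAuthCandidate {
    param(
        [string[]]$StorePath = @('Cert:\CurrentUser\My', 'Cert:\LocalMachine\My')
    )
    $now = Get-Date
    foreach ($path in $StorePath) {
        if (-not (Test-Path -Path $path)) { continue }
        foreach ($cert in Get-ChildItem -Path $path) {
            # Find the Enhanced Key Usage extension, if the certificate has one.
            $ekuExt = $cert.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
            }
            $ekus = @()
            if ($ekuExt) {
                $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
            }
            # A certificate without an EKU extension is not restricted by purpose.
            $clientAuth = ($ekus.Count -eq 0) -or ($ekus -contains $clientAuthOid)
            $inValidity = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)

            [pscustomobject]@{
                Store         = $path
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                NotAfter      = $cert.NotAfter
                HasPrivateKey = $cert.HasPrivateKey
                ClientAuth    = $clientAuth
                InValidity    = $inValidity
                # All three must hold for the certificate to work for client auth.
                Usable        = $cert.HasPrivateKey -and $clientAuth -and $inValidity
            }
        }
    }
}

# Usable rows first; an empty result means nothing is in either store.
Get-ClientAuthCandidate |
    Sort-Object -Property Usable -Descending |
    Format-Table -Property Store, Subject, NotAfter, HasPrivateKey, ClientAuth, Usable -AutoSize
```

If the CAC certificate is missing from the output, or shows `HasPrivateKey` as `False`, check that the card is inserted and that the smart card middleware has registered its certificates with Windows.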