Reputation: 753
I have configured my job to use form-based authentication, but it seems that it ignores authentication. Even if I use an incorrect username and password, I don't see an error!
[ZAP Jenkins Plugin] SPIDER SCAN STATUS [ 0% ]
[ZAP Jenkins Plugin] ALERTS COUNT [ 0 ]
4088 [ZAP-SpiderInitThread-0] INFO org.zaproxy.zap.spider.Spider - Starting spider...
4088 [ZAP-SpiderInitThread-0] INFO org.zaproxy.zap.spider.Spider - Scan will be performed from the point of view of User: [email protected]
4108 [ZAP-SpiderThreadPool-0-thread-1] INFO org.zaproxy.zap.users.User - Authenticating user: [email protected]
4483 [ZAP-SpiderThreadPool-0-thread-1] INFO org.zaproxy.zap.spider.Spider - Spidering process is complete. Shutting down...
Thanks.
Upvotes: 1
Views: 521
Reputation: 6186
I'd recommend using the ZAP Desktop app to test your authentication first - it's easier to see what's going on. We have a FAQ for form-based auth: https://github.com/zaproxy/zaproxy/wiki/FAQformauth
Once you have it working in the Desktop UI you can replicate the configuration in Jenkins.
For reference, the problem was actually the context definition - it should have been: "https://app.klipfolio.com/.*" - see https://groups.google.com/d/msg/zaproxy-users/FDeqAB8jlQ0/4VvMhAjZBAAJ
Upvotes: 1
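A pre-flight check for the context definition named in the answer, as an added example that is not part of the original thread or of ZAP itself. It assumes the include regex must match the whole URL; the URL paths and the "broken" patterns are constructed for illustration, since the thread does not show the original definition.

```python
import re

def in_context(url, include_patterns, exclude_patterns=()):
    """True if url fully matches an include regex and no exclude regex.

    Assumption: the pattern must match the entire URL, so a bare prefix
    without a trailing ".*" covers only that exact string.
    """
    if any(re.fullmatch(p, url) for p in exclude_patterns):
        return False
    return any(re.fullmatch(p, url) for p in include_patterns)

def out_of_context(urls, include_patterns, exclude_patterns=()):
    """URLs the scan would treat as outside the context (no authentication applied)."""
    return [u for u in urls
            if not in_context(u, include_patterns, exclude_patterns)]

# Constructed sample URLs: only the host comes from the thread.
URLS = [
    "https://app.klipfolio.com/",
    "https://app.klipfolio.com/login",
    "https://app.klipfolio.com/dashboard?tab=1",
]

FIXED = ["https://app.klipfolio.com/.*"]        # definition given in the answer
STRICT = [r"https://app\.klipfolio\.com/.*"]    # same scope, dots escaped
# Constructed definitions that look plausible but leave every URL out of scope.
BARE_PREFIX = ["https://app.klipfolio.com"]
WRONG_SCHEME = ["http://app.klipfolio.com/.*"]

if __name__ == "__main__":
    candidates = [("fixed", FIXED), ("strict", STRICT),
                  ("bare prefix", BARE_PREFIX), ("wrong scheme", WRONG_SCHEME)]
    for name, patterns in candidates:
        missed = out_of_context(URLS, patterns)
        print(f"{name:12} {len(missed)}/{len(URLS)} URLs out of context")
    # Unescaped dots match any character, so the scope is wider than intended.
    lookalike = "https://appXklipfolio.com/"  # constructed
    print("lookalike in FIXED scope: ", in_context(lookalike, FIXED))
    print("lookalike in STRICT scope:", in_context(lookalike, STRICT))
```

Running the same check against the job's start URL and login URL before the scan shows whether they fall inside the context at all, which the spider log above does not report.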