Advanced login troubleshooting workflow
Steps to help advanced users troubleshoot login issues.
About this task
Procedure
-
Set the action-based browser to be visible
In Tools > Options > Advanced > SessionManagement.ShowActionBasedPlayerWindow change the setting to True, so you can see the browser actions.
-
Verify that the site is up and the credentials are correct
Open the Starting URL in a regular browser and verify that it is possible to log in manually with the credentials you provided.
-
Advanced Configuration adjustments
In Scan Configuration > URL and Servers view, click View in browser and verify that the AppScan browser is able to log in.
- If a script error pop-up appears, try the following (individually or all together):
- In Scan Configuration > Advanced Configuration > Communication: Remove 'Accept-Encoding' header change the setting to False and click Apply.
- In Scan Configuration > Advanced Configuration > General: Proxy file extension filter delete all content in the Value field and click Apply.
- In Scan Configuration > Advanced Configuration > Session management: Sequence Content Type Filter delete all content in the Value field and click Apply.
- If the site behaves differently in the AppScan browser to the way it behaved in your regular
browser, try the following:
- In Scan Configuration > Explore Options > User Agent, click the Edit icon, delete all content, and click Apply.
- If the recorded login procedure includes a dialog box that the user needs to close by
clicking Yes, OK, Confirm or similar, try this:
- Open Scan Configuration > Advanced and locate this setting: Action
Based: Automatically approve JS dialogs in the browser.
By default this is set to False, meaning that AppScan closes such dialogs by clicking No or Close.
- Change the setting to True.
- Open Scan Configuration > Advanced and locate this setting: Action
Based: Automatically approve JS dialogs in the browser.
- If a script error pop-up appears, try the following (individually or all together):
-
Site that use HTTP authentication
If the site uses HTTP authentication (if you get a pop-up requiring authentication), do the following:
- In Scan Configuration > Login Management view, set Login Method to None.
- In Scan Configuration > HTTP Authentication view, supply the username and password, and
if needed also the domain.Note: If the username contains a forward slash (/), the content before it is the domain, and after it is the username. Otherwise leave the Domain field empty.
-
Automatic Login
If you are using Automatic Login, try the following:
- In Scan Configuration > Login Management > Login/Logout tab, verify that the Login method is set to Automatic.
- Fill in the Username and Password.
- In Scan Configuration > Login Management > Details tab, click Auto Detect In-Session
configuration.
When AppScan tries to log in to the site automatically, three types of issue can occur:
- If AppScan fails to fill the login fields, it may not be able to identify them:
- Open the Starting URL in a regular browser.
- Right-click on the Username field, and select Inspect.
- In the HTML source code pane that opens, locate the ID value of the Username field, and copy it to the clipboard.
- In AppScan, go to Scan Configuration > Automatic Form Fill, and paste the ID value into the Username Parameters field.
- Repeat steps ii-iv for the Password ID value.
- If AppScan clicks the wrong buttons, switch to Recorded Login.
- If AppScan fails to identify an In-Session Pattern, refer to Select Detection Pattern dialog box
- If AppScan fails to fill the login fields, it may not be able to identify them:
-
Recorded Login
If you are using Recorded Login, try the following:
- In Scan Configuration > Login Management > Login/Logout tab, verify that the Login method is set to Recorded.
- Record the Login sequence.
- Open the Details tab > Actions list, and click the Play button.AppScan attempts to log in to the site. The following issues may occur:
- If AppScan fills the login and password parameters too fast, go to Login Management > Details > Actions list, and increase the Wait period between actions.
- If AppScan misses out some actions, try changing mouse-click for Tab/Enter, or the reverse.
- In Details tab > Actions list, click Validate.
AppScan plays the sequence and attempts to identify an In-Session pattern. If an in-session pattern is not found, try adding an additional step to the sequence, after the login step, to reach a page with more information (such as "Welcome [username]" or "[userID]", that AppScan can use as the In-Session pattern.
-
Switch to Request-based Login
If none of the above work, try using Request-based Login with an external browser:
- In Tools > Options > Scan Options click the Use External Browser check box, and select a browser.
- In Scan Configuration > Login Management set the Login Method to Recorded.
- Click Record > Use External Browser.
- Log in to the site and close the browser.