Advanced login troubleshooting workflow

Steps to help advanced users troubleshoot login issues.

About this task

The following steps are designed to help you identify and solve login problems systematically. After each suggested step in the workflow, try running the scan again to see if the problem is resolved.

Procedure

Set the action-based browser to be visible

In Tools > Options > Advanced > SessionManagement.ShowActionBasedPlayerWindow change the setting to True, so you can see the browser actions.
Verify that the site is up and the credentials are correct

Open the Starting URL in a regular browser and verify that it is possible to log in manually with the credentials you provided.
Advanced Configuration adjustments
In Scan Configuration > URL and Servers view, click View in browser and verify that the AppScan browser is able to log in.
- If a script error pop-up appears, try the following (individually or all together):
  - In Scan Configuration > Advanced Configuration > Communication: Remove 'Accept-Encoding' header change the setting to False and click Apply.
  - In Scan Configuration > Advanced Configuration > General: Proxy file extension filter delete all content in the Value field and click Apply.
  - In Scan Configuration > Advanced Configuration > Session management: Sequence Content Type Filter delete all content in the Value field and click Apply.
- If the site behaves differently in the AppScan browser to the way it behaved in your regular browser, try this:
  - In Scan Configuration > Explore Options > User Agent, click the Edit icon, delete all content, and click Apply.
- If the recorded login procedure includes a dialog box that the user needs to close by clicking Yes, OK, Confirm or similar, try this:
  1. Open Scan Configuration > Advanced and locate this setting: Action Based: Automatically approve JS dialogs in the browser.
    By default this is set to False, meaning that AppScan closes such dialogs by clicking No or Close.
  2. Change the setting to True.
Site that use HTTP authentication
If the site uses HTTP authentication (if you get a pop-up requiring authentication), do the following:
1. In Scan Configuration > Login Management view, set Login Method to None.
2. In Scan Configuration > HTTP Authentication view, supply the username and password, and if needed also the domain.
  Note: If the username contains a forward slash (/), the content before it is the domain, and after it is the username. Otherwise leave the Domain field empty.
Automatic Login
If you are using Automatic Login, try the following:
1. In Scan Configuration > Login Management > Login/Logout tab, verify that the Login method is set to Automatic.
2. Fill in the Username and Password.
3. In Scan Configuration > Login Management > Details tab, click Auto Detect In-Session configuration.
  When AppScan tries to log in to the site automatically, three types of issue can occur:
  - If AppScan fails to fill the login fields, it may not be able to identify them:
    1. Open the Starting URL in a regular browser.
    2. Right-click on the Username field, and select Inspect.
    3. In the HTML source code pane that opens, locate the ID value of the Username field, and copy it to the clipboard.
    4. In AppScan, go to Scan Configuration > Automatic Form Fill, and paste the ID value into the Username Parameters field.
    5. Repeat steps ii-iv for the Password ID value.
  - If AppScan clicks the wrong buttons, switch to Recorded Login.
  - If AppScan fails to identify an In-Session Pattern, refer to Select Detection Pattern dialog box
Recorded Login

See Action-based login troubleshooting
Switch to Request-based Login
If none of the above work, try using Request-based Login with an external browser:
1. In Tools > Options > Scan Options click the Use External Browser check box, and select a browser.
2. In Scan Configuration > Login Management set the Login Method to Recorded.
3. Click Record > Use External Browser.
4. Log in to the site and close the browser.