AnsweredAssumed Answered

WAS Multiple Integrated Authentication Requests

Question asked by Taylor on Jun 25, 2013
Latest reply on Jun 26, 2013 by WillB

Hello,

 

I am trying to scan an internal website which uses integrated authentication.  I tried to access the site through Firefox and IE9 to see the different steps for authentication.

 

If I use Internet Explorer:

Step 1 - I enter our web application link into the URL and our app portal page is displayed.
Step 2 - On our app portal webpage I click login (w/ single sign-on selected) and then the web application page is displayed.
Step 3 - At this point I am logged into the web application.

 

If I use Firefox:

Step 1 - I enter our web application link into the URL and an authentication box immediately pops up.
Step 2 - The authentication box lists the link for the web application.  I enter my domain credentials and another authentication box pops up.
Step 3 - The authentication box lists the link for our app portal.  I enter my domain credentials and our app portal page is displayed.
Step 4 - On the app portal webpage I click login (w/ single sign-on selected) and then the web application page is displayed.
Step 5 - At this point I am logged into the web application.

 

Now when I attempt a discovery scan on the web application the report indicates a successful authentication.  However the report indicates that there were no links crawled and landing page screenshot shows an unauthorized error page.  I've been able to hit the same unauthorized error page when using Firefox if I don't enter credentials in step 3.  So I believe the scanner is authenticating once, but not twice as in the Firefox example.

 

Can the scanner authenticate multiple times?  Is there something I need to set in the scanner web application settings?

Outcomes