Authentication FAQs
Click to view navigation pane

Home

Authentication FAQs

Tell me about statusTell me about status

The status tells you the authentication status of the last scan using the record.

Success - Authentication was successful for the last scan using this record.

Failure - Authentication failed for the last scan using this record.

Partial - Partial authentication occurred for the last scan using this record. Learn more

What does Partial mean? Partial can mean a few different things. For example, if there is a combination of form and server authentication and one is successful and the other is not. Or, if authentication is successful and we find another place to login during the crawl and it is not successful, or there is no record for it.

Not_used: Authentication was not used for the last scan using this record, and the scan completed per QID 150006.

Don't see an any status? This means the record has not been used yet by any scan.

Can I make the authentication record available to others?Can I make the authentication record available to others?

Apply tags to your authentication record. Users whose scopes include a tag in common with your authentication record will be able to access the record.

Tell me about Selenium scriptsTell me about Selenium scripts

We support the use of Selenium scripts when uploaded to web application settings and authentication records. Uploaded scripts are replayed during web application scanning. For example:

- We can replay recorded steps to scan a web application that requires complex workflows, such as selecting user input combinations that require certain knowledge and/or user interaction.

- We can replay recorded steps, like clicking a series of buttons or filling out forms.

- We can replay recorded steps to complete login and authentication requirements.

Use Qualys Browser Recorder to create a Selenium scripts.

For more information, see Use Selenium Script.

Tell me about Parameterization of Username and Password in Selenium scriptsTell me about Parameterization of Username and Password in Selenium scripts

We allow you to parameterize the username and password used in the login form so that you do not have to manually edit the script whenever the login form's username and password is changed. This simplifies managing the username and password.

For more information, see Parameterize Username and Password Parameters in Selenium Script.

Tell me about authentication record permissionsTell me about authentication record permissions

Manager users have full rights to manage authentication records. For other users their assigned roles and permissions determine whether they have WAS Authentication Record Permissions, that is, create, update, delete. To see a user's assigned roles, go to the Administration utility (select from the application picker) and view/edit the user of interest. For more information, see Authentication Permissions.