On this page, select type of authentication and credentials to be used to authentication against a web application. You can select the either Form Record or OAuth2 Record.
Select Form Record.
Select the form authentication type.
Standard Login: Enter one set of credentials for standard login form authentication.
Custom: Enter fields other than the standard login credentials, for example, customerID.
Selenium Script: If you want our service to attempt authentication using a Selenium IDE script. You must upload a valid Selenium script. Click browse to upload a script from your local file system, or drag and drop the file into the Add selenium scripts window.
You can quickly update the username and password for a login form in the authentication record itself. We support parameters for username and password in the selenium script. Just add @@authusername@@ and @@authpassword@@ in the selenium script and then upload it in the Qualys WAS Authentication Record.
Select the Add credentials to Selenium Script check box and provide the username and password. During the scan, we will replace @@authusername@@ and @@authpassword@@ with this username and password. For more information, see Use Selenium Script.
Select OAuth2 Record.
Select grant type for OAuth2 record.
Authorization Code: Enter the OAuth2 authentication credentials. Required fields are: Redirect URL and Access token URL.
Implicit: Enter the OAuth2 Implicit configuration. Required field is Redirect URL. Scope, Client ID, Client Secret, and Access token expired message pattern are optional fields.
When you select Authorization Code or Implicit grant type, you must upload a valid Selenium script. Click browse to upload a script from your local file system, or drag and drop the file into the Add selenium scripts window.
Select the Add credentials to Selenium Script check box and provide the username and password. During the scan, we will replace @@authusername@@ and @@authpassword@@ with this username and password. For more information, see Use Selenium Script.
Client Credentials: Enter the OAuth2 Client Credentials. Required field is Access token URL. Required field is Access token URL. Scope, Client ID, and Client Secret are optional fields.
Resource Owner Password Credentials: Enter the OAuth2 Resource Owner Password Credentials. Required fields are: Access token URL, User Name, and Password. Scope, Client ID, Client Secret, and Access token expired message pattern are optional fields.