I am trying to authenticate to a web application that is using our Active Directory Domain authentication, has anyone come accross this scenario before? Any suggestions?
Depending on how your web app is configured for authentication with AD (SSO, LDAP, NTLM, or combinations thereof.) we offer several ways to authenticate including; HTTP Basic, Digest, NTLM, or SSL client certificates, Selenium script based, etc. My best suggestion is to speak with your TAM and then if needed open a case with support and supply them with a scan report, url and details so we can best assist you with successful configuration and authentication.
Such answers from Qualys bring absolutely no value, as TAM's and support are most likely unavailable and have no clue about complex authentication schemes.
As such, your best bet is to work with Selenium Scripts if you want to find a way to login automatically. Download Firefox, add the Selenium IDE addon and then record your session using credentials on hand.
One thing to remember, when it comes to SSO login (certs, cookies and so on), Qualys is unable to support these. After a year trying to find a solution, my team has found new tools better adapted to our needs.
Qualys is fine for a high level web scan, but is not built for more complex web applications.
Retrieving data ...