Before start, I wanted to clarify that I have contacted support already, without much responses. And that is pretty annoying since we have been trying to resolve this issue for last two weeks.
We are getting authentication failed status over and over when trying to scan an internal web application. We are using the internal scan already, and get Qualys and the webapp connected already.
I used the same method that worked for external instances, which is Selenium Script. Basically, I created a script, which works perfectly when running locally, and set that as the authentication record I use for that specific web application.
This is the error am getting:
Selenium authentication failed for the script: Untitled Test Suite
The script was run, but failed to confirm the success with a RegEx
This is what I tried so far:
- Use a generic RegEx, which match with everything (".*"), workaround suggested by support team on case #626874:
- Of course, after this, the status changed to success, but it was not true, since it was not actually verifying anything. And the scan ends with the same amount of links crawled than before.
- Add a pause at the end of the script:
- Didn't work, the scan just took one more minute to end (I tried even with 2 minutes delay).
- Add wait until page load instruction at the end:
- didn't work, even trying with any random element present in the home page.
- Also, I did a creative solution by injecting a living session id into headers, and that was OK. The application got scanned, but it does not scale, since there is no chance to automate that, and of course, the session has a short live time and it is regenerated over and over. Even If I kill that session the scan ends.
It is pretty weird, with something as simple as enter user/password and get logged in. I have another opened case (#626874) but didn't get any response since last 3 days.
Let me know if you have any idea where can I continue on, or give any clue. Also, if you need any extra information, I'd be glad to provide, always am able to.