AnsweredAssumed Answered

Scanning App with SSO and MFA

Question asked by Burhan Cimen on Mar 24, 2020
Latest reply on Mar 24, 2020 by Ed Arnold

Hi All,

 

I have an app with below scenario;

- Auto forward to Azure AD SSO website to collect creds

- Uses MS Authenticator for MFA

 

I successfully created the selenium_script and it replays well within Chrome, everything works including MFA ( I used this guide here, kudos!)

 

However, the same script does not work when I "test authentication" from Qualys WAS, it does not send me notification for mfa. (I have the MFA device with me.)

 

The scan threw QID150100 error, although I followed the qualys browser recorder guide here. I attached my masked selenium also as reference.

 

edit: just noticed Qualys did not even notice the first field in AzureAD

 

Scan Diagnostics:

Executing: |waitForElementPresent | id=i0116 | |
currentTest.recordFailure: Timed out after 60000ms
Executing: |type | id=i0116
currentTest.recordFailure: Element id=i0116 not found

 

What could be the problem, can anyone help me on this?

 

Thanks, kind regards,

Burhan

Attachments

Outcomes