AnsweredAssumed Answered

Scanning App with SSO and MFA

Question asked by Burhan Cimen on Mar 24, 2020
Latest reply on Mar 24, 2020 by Ed Arnold

Hi All,


I have an app with below scenario;

- Auto forward to Azure AD SSO website to collect creds

- Uses MS Authenticator for MFA


I successfully created the selenium_script and it replays well within Chrome, everything works including MFA ( I used this guide here, kudos!)


However, the same script does not work when I "test authentication" from Qualys WAS, it does not send me notification for mfa. (I have the MFA device with me.)


The scan threw QID150100 error, although I followed the qualys browser recorder guide here. I attached my masked selenium also as reference.


edit: just noticed Qualys did not even notice the first field in AzureAD


Scan Diagnostics:

Executing: |waitForElementPresent | id=i0116 | |
currentTest.recordFailure: Timed out after 60000ms
Executing: |type | id=i0116
currentTest.recordFailure: Element id=i0116 not found


What could be the problem, can anyone help me on this?


Thanks, kind regards,