Login Management
Configure the login procedure for the web service.
Limitation: Using API keys as HTTP query parameters is not
supported.
Select one of the Login radio buttons:- Configure Login below
- If you select this option the lower part of the dialog becomes active and lets you input the following:
- Login request: Select a login request from the drop-down list of requests from the
description files.Note: If the web service implements authorization control using API keys, a login request is not needed, so select None from the drop-down list.
- Login credentials: Review and if needed edit the values of Login credentials.
- Custom headers: If the service uses custom headers (such as bearer authentication in the Authorization header), click Edit to open the Add Custom Header dialog box. For details see Custom Header tab.
- In-Session Detection request: Select an in-session request from the drop-down list. This will be used by AppScan to verify that it is logged in when testing.
- Login request: Select a login request from the drop-down list of requests from the
description files.
- Use existing Login configuration
- Select if your scan configuration already includes a valid login sequence you can use it.
- Record Login sequence in AppScan Configuration > Login Management
- Select if the description file does not include a login request. You can use the main AppScan Configuration dialog box to record the Login using the AppScan built-in browser or an external device. This is most likely to be the case when users log in though a user interface, or where JavaScript is involved in the login process. For details see Login Management view.
- None
- Select if the service does not require logging in.
Next Step: Sequences