Advanced login troubleshooting workflow

Steps to help advanced users troubleshoot login issues.

About this task

The following steps are designed to help you identify and solve login problems systematically. After each suggested step in the workflow, try running the scan again to see if the problem is resolved.

Procedure

  1. Set the action-based browser to be visible

    In Tools > Options > Advanced > SessionManagement.ShowActionBasedPlayerWindow, change the setting to True so that you can see the browser actions.

  2. Verify that the site is up and the credentials are correct

    Open the Starting URL in a regular browser and verify that it is possible to log in manually with the credentials you provided.

  3. Advanced Configuration adjustments

    In Scan Configuration > URL and Servers view, click View in browser and verify that the AppScan browser is able to log in.
    • If a script error pop-up appears, try the following (individually or all together):
      • In Scan Configuration > Advanced Configuration > Communication: Remove 'Accept-Encoding' header, change the setting to False and click Apply.
      • In Scan Configuration > Advanced Configuration > General: Proxy file extension filter, delete all content in the Value field and click Apply.
      • In Scan Configuration > Advanced Configuration > Session management: Sequence Content Type Filter, delete all content in the Value field and click Apply.
    • If the site behaves differently in the AppScan browser from the way it behaves in your regular browser, try the following:
      • In Scan Configuration > Explore Options > User Agent, click the Edit icon, delete all content, and click Apply.
  4. Sites that use HTTP authentication

    If the site uses HTTP authentication (if you get a pop-up requiring authentication), do the following:

    1. In Scan Configuration > Login Management view, set Login Method to None.
    2. In Scan Configuration > HTTP Authentication view, supply the username and password, and if needed also the domain.
      Note: If the username contains a forward slash (/), the content before it is the domain, and after it is the username. Otherwise, leave the Domain field empty.
  5. Automatic Login

    If you are using Automatic Login, try the following:

    1. In Scan Configuration > Login Management > Login/Logout tab, verify that the Login method is set to Automatic.
    2. Fill in the Username and Password.
    3. In Scan Configuration > Login Management > Details tab, click Auto Detect In-Session configuration.

      When AppScan tries to log in to the site automatically, three types of issue can occur:

      • If AppScan fails to fill the login fields, it may not be able to identify them:
        1. Open the Starting URL in a regular browser.
        2. Right-click on the Username field, and select Inspect.
        3. In the HTML source code pane that opens, locate the ID value of the Username field, and copy it to the clipboard.
        4. In AppScan, go to Scan Configuration > Automatic Form Fill, and paste the ID value into the Username Parameters field.
        5. Repeat steps 2-4 for the Password ID value.
      • If AppScan clicks the wrong buttons, switch to Recorded Login.
      • If AppScan fails to identify an In-Session Pattern, refer to the Select Detection Pattern dialog box.
  6. Recorded Login

    If you are using Recorded Login, try the following:

    1. In Scan Configuration > Login Management > Login/Logout tab, verify that the Login method is set to Recorded.
    2. Record the Login sequence.
    3. Open the Details tab > Actions list, and click the Play button.
      AppScan attempts to log in to the site. The following issues may occur:
      • If AppScan fills the login and password parameters too fast, go to Login Management > Details > Actions list, and increase the Wait period between actions.
      • If AppScan misses out some actions, try changing mouse-click for Tab/Enter, or the reverse.
    4. In Details tab > Actions list, click Validate.

      AppScan plays the sequence and attempts to identify an In-Session pattern. If an In-Session pattern is not found, try adding an additional step to the sequence, after the login step, to reach a page with more information (such as "Welcome [username]" or "[userID]") that AppScan can use as the In-Session pattern.

  7. Switch to Request-based Login

    If none of the above work, try using Request-based Login with an external browser:

    1. In Tools > Options > Scan Options click the Use External Browser check box, and select a browser.
    2. In Scan Configuration > Login Management set the Login Method to Recorded.
    3. Click Record > Use External Browser.
    4. Log in to the site and close the browser.
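
An added example (not part of the original documentation, and not AppScan's own logic) for vetting a candidate In-Session pattern from steps 5 and 6 before entering it: a good pattern appears in responses received while logged in and in none received while logged out. The sample pages, the user name jsmith and the function names are constructed for illustration, and the pattern is assumed to be applied as a regular expression.

```python
import re

# Constructed sample response bodies (not captured from any real site).
LOGGED_IN = ('<div id="hdr">Welcome jsmith | <a href="/logout">Log out</a></div>'
             '<a href="/help">Help</a>')
LOGIN_PAGE = ('<div id="hdr">Welcome to Example Bank | '
              '<a href="/login">Log in</a></div><a href="/help">Help</a>')
EXPIRED = 'Your session has expired. <a href="/login">Log in</a>'


def classify(pattern, in_session, out_of_session):
    """Classify a candidate pattern against lists of response bodies.

    invalid   - not a valid regular expression
    missing   - absent from at least one logged-in response
    ambiguous - also present in a logged-out response, so a lost
                session would go unnoticed
    usable    - present in every logged-in response and in no
                logged-out response
    """
    try:
        rx = re.compile(pattern)
    except re.error:
        return "invalid"
    if not all(rx.search(body) for body in in_session):
        return "missing"
    if any(rx.search(body) for body in out_of_session):
        return "ambiguous"
    return "usable"


def vet(candidates, in_session, out_of_session):
    """Return {pattern: verdict} for every candidate pattern."""
    return {c: classify(c, in_session, out_of_session) for c in candidates}


# Hypothetical candidates a user might consider for the sample pages above.
CANDIDATES = ["Welcome", "Welcome jsmith", 'href="/logout"',
              "My Account", "[userID"]

if __name__ == "__main__":
    results = vet(CANDIDATES, [LOGGED_IN], [LOGIN_PAGE, EXPIRED])
    for pattern, verdict in results.items():
        print(f"{verdict:10} {pattern}")
```

Text typed literally that contains characters such as [ or ] should be passed through re.escape() first when testing it this way.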