1
votes

I have configured my job to use form-based authentication, but it seems that it ignores authentication. Even if I use an incorrect username and password, I don't see an error!

    [ZAP Jenkins Plugin] SPIDER SCAN STATUS [ 0% ]
    [ZAP Jenkins Plugin] ALERTS COUNT [ 0 ]

    4088 [ZAP-SpiderInitThread-0] INFO org.zaproxy.zap.spider.Spider  - Starting spider...
    4088 [ZAP-SpiderInitThread-0] INFO org.zaproxy.zap.spider.Spider  - Scan will be performed from the point of view of User: [email protected]
    4108 [ZAP-SpiderThreadPool-0-thread-1] INFO org.zaproxy.zap.users.User  - Authenticating user: [email protected]
    4483 [ZAP-SpiderThreadPool-0-thread-1] INFO org.zaproxy.zap.spider.Spider  - Spidering process is complete. Shutting down...

In my settings I have: (screenshot not preserved)

Thanks.

1 Answer

1
votes

I'd recommend using the ZAP Desktop app to test your authentication first - it's easier to see what's going on. We have a FAQ for form based auth: https://github.com/zaproxy/zaproxy/wiki/FAQformauth

Once you have it working in the Desktop UI you can replicate the configuration in Jenkins.

For reference, the problem was actually the context definition - it should have been: "https://app.klipfolio.com/.*" - see https://groups.google.com/d/msg/zaproxy-users/FDeqAB8jlQ0/4VvMhAjZBAAJ
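
A pre-flight check for the context definition discussed above, as an added example that is not part of the original answer or of ZAP itself. It assumes ZAP matches context include/exclude regexes against the whole URL (modelled here with Python's `re.fullmatch`); the function names, the sample paths, the bare pattern and the escaped variant are constructed for illustration.

```python
import re

def in_context(url, include, exclude=()):
    """True if url fully matches an include regex and no exclude regex.

    Assumption: this mirrors whole-URL matching of ZAP context patterns.
    """
    if any(re.fullmatch(p, url) for p in exclude):
        return False
    return any(re.fullmatch(p, url) for p in include)

def out_of_context(urls, include, exclude=()):
    """Return the URLs the scan needs that the context does not cover."""
    return [u for u in urls if not in_context(u, include, exclude)]

# Constructed sample URLs: the paths are hypothetical, only the host is from the page.
REQUIRED = [
    "https://app.klipfolio.com/",
    "https://app.klipfolio.com/login",
    "https://app.klipfolio.com/dashboard?tab=1",
]

BARE = ["https://app.klipfolio.com"]            # constructed: no trailing wildcard
WORKING = ["https://app.klipfolio.com/.*"]      # pattern given in the answer
STRICT = [r"https://app\.klipfolio\.com/.*"]    # added variant with the dots escaped

# Constructed host that is NOT the target; an unescaped "." matches the "X".
LOOKALIKE = "https://appXklipfolio.com/login"

if __name__ == "__main__":
    for name, patterns in (("BARE", BARE), ("WORKING", WORKING), ("STRICT", STRICT)):
        missing = out_of_context(REQUIRED, patterns)
        print(f"{name}: {len(missing)} required URL(s) out of context: {missing}")
        print(f"{name}: lookalike host in scope = {in_context(LOOKALIKE, patterns)}")
```

Running a check like this in the Jenkins job before the spider starts turns a silent "0 alerts" run into an explicit failure when the login or seed URL falls outside the context.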