ZAP with Jenkins - can't handle authentication?


Lakmi

Jun 14, 2015, 10:49:08 PM
to zaprox...@googlegroups.com

Hi,
Like the Quick Start option, is there a limitation in Jenkins also in not handling pages protected by a login page?
I don't see options for authentication in the Jenkins setup. Can you please confirm?

Regards,
Lakmi

Simon Bennetts

Jun 16, 2015, 9:05:09 AM
to zaprox...@googlegroups.com, laks...@gmail.com
The Jenkins plugin isn't maintained by the ZAP core team, but I'll ping the maintainers and see what they think.
An easy option might be to allow you to specify a context that has been set up using the ZAP UI.

Cheers,

Simon

Simon Bennetts

Jun 16, 2015, 9:12:43 AM
to zaprox...@googlegroups.com, psi...@gmail.com, laks...@gmail.com

Lakmi

Jun 16, 2015, 11:38:52 PM
to zaprox...@googlegroups.com
Great! Thanks for creating a ticket.

Ludovic Roucoux

Jun 22, 2015, 4:13:20 AM
to zaprox...@googlegroups.com
Hi Lakmi,

I'm the developer of the ZAProxy Jenkins plugin. Allowing authentication in the plugin is a good suggestion.
I will probably add this possibility in the future.

But, to allow that at the moment, have you tried to save a context with authentication in a session (using the ZAP UI) and then load this session with the Jenkins plugin?

Regards,
Ludovic.

Lakmi

Jun 24, 2015, 6:17:09 AM
to zaprox...@googlegroups.com
Hi Ludovic,
I tried as per your suggestions. Saved a context with form-based authentication from the UI & loaded that session in Jenkins.
But it's not proceeding further from the login page.

Also, there are a few errors in the console output:
92519 [ZAP-ProxyThread-2] ERROR org.zaproxy.zap.extension.users.ExtensionUserManagement  - Unable to load Users.
java.lang.NullPointerException
	at org.zaproxy.zap.extension.users.ExtensionUserManagement.loadContextData(Unknown Source)
	at org.parosproxy.paros.model.Model.loadContext(Unknown Source)
	at org.parosproxy.paros.model.Session.addContext(Unknown Source)
	at org.parosproxy.paros.model.Session.open(Unknown Source)
	at org.parosproxy.paros.model.Model.openSession(Unknown Source)
	at org.parosproxy.paros.control.Control.runCommandLineOpenSession(Unknown Source)
	at org.zaproxy.zap.extension.api.CoreAPI.handleApiAction(Unknown Source)
	at org.zaproxy.zap.extension.api.API.handleApiRequest(Unknown Source)
	at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown Source)
	at org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)
92546 [ZAP-ProxyThread-2] ERROR org.zaproxy.zap.extension.forceduser.ExtensionForcedUser  - Unable to load forced user.
java.lang.IllegalStateException: No user matching the provided id was found.
	at org.zaproxy.zap.extension.forceduser.ExtensionForcedUser.setForcedUser(Unknown Source)
	at org.zaproxy.zap.extension.forceduser.ExtensionForcedUser.loadContextData(Unknown Source)
	at org.parosproxy.paros.model.Model.loadContext(Unknown Source)
	at org.parosproxy.paros.model.Session.addContext(Unknown Source)
	at org.parosproxy.paros.model.Session.open(Unknown Source)
	at org.parosproxy.paros.model.Model.openSession(Unknown Source)
	at org.parosproxy.paros.control.Control.runCommandLineOpenSession(Unknown Source)
	at org.zaproxy.zap.extension.api.CoreAPI.handleApiAction(Unknown Source)
	at org.zaproxy.zap.extension.api.API.handleApiRequest(Unknown Source)
	at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown Source)
	at org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)

Please suggest next steps.

Thanks,
Lakmi

thc...@gmail.com

Jun 24, 2015, 7:03:36 AM
to zaprox...@googlegroups.com
Hi.

That is a ZAP issue. [1]


[1] https://github.com/zaproxy/zaproxy/issues/1636

Best regards.

Thilina Madhusanka

Sep 2, 2015, 1:15:05 AM
to OWASP ZAP User Group
Hi,

If you are still looking for authentication in the Jenkins ZAP plugin, I have modified the existing plugin to use authentication.

lokesh

Apr 17, 2020, 10:35:09 AM
to OWASP ZAP User Group
Hi Ludovic,

When can we expect the stable version of the ZAP Jenkins plugin?

I am trying to scan an application that uses Cognito and simple auth. ZAP is not able to log in.



Ludovic Roucoux

Apr 17, 2020, 10:48:52 AM
to OWASP ZAP User Group
Hi Lokesh,

I'm no longer the maintainer of this plugin.

I don't know what plugin version you are using, but try checking the docs of the new zap-plugin: https://plugins.jenkins.io/zap/

I hope you'll find what you expect ;)