Using ZAP for authenticating Keycloak!!!!

Pritish Thapa

Mar 21, 2023, 3:36:25 AM
to OWASP ZAP User Group
Hello ZAP amazing community!!!!

I am using Keycloak as a third-party app for authenticating my website!
I have tried form-based authentication but it is not working. I also tried the recording feature of ZAP, but it's still not working!

Does anyone have any idea about how to resolve this issue, or any suggestions?




Thank you!


Pritish Thapa

Simon Bennetts

Mar 21, 2023, 4:42:37 AM
to OWASP ZAP User Group
Hi Pritish,

Have a look at the new Browser Based Authentication option: https://www.zaproxy.org/docs/desktop/addons/authentication-helper/browser-auth/

I know it works with some SSO providers but I've not had a chance to test it with Keycloak.
Let us know how you get on.
If you have problems then please supply as many details as possible - browser based auth is probably going to be the best option for most SSO providers but it needs more testing and is likely to need many little improvements to handle all of the edge cases.

If you know of (or can create) a simple test login page that we can access with test credentials then we can try it out ourselves...

Cheers,

Simon