When I configure ZAP as in the guideline https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsAuthentication
the username and password are not replaced with the ones defined in the Users context setting.
Any idea why this happens?
This is same issue as in https://github.com/zaproxy/zaproxy/issues/2079.
Have a look at https://github.com/zaproxy/zaproxy/wiki/FAQformauth particularly the 'Diagnosing problems' section.
Related
I'm currently troubleshooting a login issue for a deployed Moodle. Login page uses an alternate page which I have managed to identify. The alternate page considers everything except successful login as invalid or expired login or password.
Since some correct login and password are also getting the same issue.I am trying to restore the Moodle instance to use its default login page but did not find any $CFG->alternateloginurl configuration set in moodle.php. Kindly please provide any pointers you can think of on where to look next to restore the login page.
PS: I've also searched within the active theme, and there has not been any code changes. Uses a variant of Moove
Thank you
Rest assured that its a common issue
https://docs.moodle.org/401/en/Managing_authentication#Alternate_login_URL
There is an entry in the database
SELECT *
FROM mdl_config
WHERE name = 'alternateloginurl'
Note the value, just in case, then blank it out
UPDATE mdl_config
SET value = ''
WHERE name = 'alternateloginurl'
Then purge the cache to update Moodle
php admin/cli/purge_caches.php
When you do manage to log in, check which other authentication methods are active via
Site administration > Plugins > Authentication > Manage authentication
https://docs.moodle.org/401/en/Managing_authentication
The default methods are manual and email self registration
Although self registration is disabled by default in the settings on the same page (registerauth)
I am using ZAP security testing tool.but at the point of Authentication by username and password of a JSON Request, I face problem to configure these. I checked all links and blogs too. but I can't get the proper step by step solution on it.
Request code:-
{"userName":"cwc_patna","password":"33a0d2e93e0ad396b7c9374bbbc83a58"}
Response code:-
{"userId":72,"userName":"cwc_patna","password":"33a0d2e93e0ad396b7c9374bbbc83a58","emilId":"pratyush#sdrc.co.in","userTypeId":1,"viewName":"cwc","isLive":null,"isActive":null,"isApproved":null,"sjpuAccess":null,"userUserTypeFeaturePermissionMapping":null,"area":null}
That functionality was only just added last week: https://github.com/zaproxy/zaproxy/pull/4624
If you want to use it, you'll either have to use a weekly: https://github.com/zaproxy/zaproxy/wiki/Downloads#zap-weekly
Or, wait for the next full release (likely 2.8.0).
The corresponding PR to update the help content for the new JSON Authentication functionality is here: https://github.com/zaproxy/zap-core-help/pull/188/files if you want to check it out.
You set it up the same way you would for form based authentication. Make sure you define a Logged-in or Logged-out Identifier (or both). Here's some screenshots to help you along:
Manually configure the Authentication for your Context:
Use the Site Tree Context menu(s) to set it up:
Here's an additional help link that might assist you in getting authentication setup: https://github.com/zaproxy/zaproxy/wiki/FAQformauth
I am newer to Nuxeo. I had successfully implemented SSO with LDAP-CAS-NUXEO, but Nuxeo takes login credentials as UserName & Password. But I want to change it to Email & password. I am not able to find any way to do it. Any help in this will be greatly appreciable.
If you are using LDAP and CAS you just need to change one Property in default-ldap-users-directory-config.xml.
<extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory"
point="directories">
<directory name="userDirectory">
<server>default</server>
<schema>user</schema>
<idField>username</idField>
<passwordField>password</passwordField>
.....
here in <idField> you can use email instead of username.
I can't get zap past the login page. It just fixates on the login and forgotten password forms.
I have followed various official HOWTOs and this FAQ but even though I have deleted the zap user, it still uses login_id=ZAP&password=ZAP when trying to log in.
I'm in standard mode, forced user mode, forced user is defined, logged in and logged out strings are defined - and I have tried others.
login form target url: https://xxx.yyy.net/affiliate_login_action.ido
login request POST data: login_id={%username%}&password={%password%}
logged in regex: \QLogout\E
logged out regex: \QAgent Login\E
I can't think what else to try.
The regexs doesn't seem right. In my experience when you don't specify correct login/logout regexs ZAP is using just ZAP, ZAP.
Try to change regexs to .*\QLogout\E.* and .*\QAgent Login\E.*
I have a Ektron client with Ektron installed. They would like to add the functionality to change a password to something they want. Do I need to be concerned with the ektron part or just go ahead and make my edit?
Is there an easy way to do that? Any links to information would be greatly appreciated.
If you're talking about Ektron CMS400 Membership Users, you can use the Web Service Method:
User.ResetMembershipUserPassword
If you're trying to set it for regular CMS400 users, you're out of luck. The administrator will need to reset their password (if they've forgotten it) and the user will need to log back in to the workarea and change their password there.
UPDATE
That method resets the password to a random value. To set the password to a desired value, you'll have to use:
Ektron.Cms.BusinessApi.dll
Ektron.Cms.UserAPI.ResetMembershipUserPassword(string Username,
string oldPassword,
string newPassword)