IBM Support

AppScan Standard fails to authenticate a SharePoint application

Technote (troubleshooting)


Problem (Abstract)

When attempting to complete a scan with IBM Security AppScan Standard, the authentication with a SharePoint application may fail.

Cause

This can happen if the web.config file for the target application is not configured properly.

Diagnosing the problem

Inspect the web.config file on the target machine for any inconsistencies with RFC specification 2616.

In a reported issue, Internet Explorer was able to access the site while AppScan and other tools could not. The following is an example of the problem web.config file:


    <system.webServer>
        <httpProtocol>
          <customHeaders>
            <clear />
            <add name=" X-XSS-Protection" value="0" />
          </customHeaders>
        </httpProtocol>
    </system.webServer>

Note the extra space at the beginning of this header name: " X-XSS-Protection". Removing this extra space from the name attribute resolved the problem.
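
One way to automate the inspection described above, as an added example that is not part of the original technote or of AppScan: it checks every customHeaders name against the RFC 2616 token grammar. The function name and the sample configuration (constructed from the fragment above plus one valid header) are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# RFC 2616 section 2.2: token = 1*<any CHAR except CTLs or separators>
# Separators: ( ) < > @ , ; : \ " / [ ] ? = { } SP HT
TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

# Constructed sample reproducing the fragment shown above, plus one valid header.
SAMPLE_CONFIG = """<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <clear />
        <add name=" X-XSS-Protection" value="0" />
        <add name="X-Frame-Options" value="SAMEORIGIN" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>"""


def find_invalid_header_names(config_xml):
    """Return (name, reason) for each customHeaders <add> whose name is not an RFC 2616 token."""
    root = ET.fromstring(config_xml)
    findings = []
    # ".//customHeaders" also matches headers nested under <location> elements.
    for add in root.findall(".//customHeaders/add"):
        name = add.get("name", "")
        if TOKEN_RE.fullmatch(name):
            continue
        if name == "":
            reason = "empty name"
        elif name != name.strip():
            reason = "leading or trailing whitespace"
        else:
            bad = sorted({c for c in name if not TOKEN_RE.fullmatch(c)})
            reason = "illegal characters: " + " ".join(repr(c) for c in bad)
        findings.append((name, reason))
    return findings


if __name__ == "__main__":
    for name, reason in find_invalid_header_names(SAMPLE_CONFIG):
        print(f"invalid header name {name!r}: {reason}")
```
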


Resolving the problem

Correct the formatting of the file.

Related information

RFC 2616

Document information

More support for: IBM Security AppScan Standard
Scan: Authentication

Software version: 9.0, 9.0.0.1, 9.0.1, 9.0.1.1, 9.0.2, 9.0.2.1, 9.0.3, 9.0.3.1, 9.0.3.2, 9.0.3.3, 9.0.3.4, 9.0.3.5, 9.0.3.6

Operating system(s): Windows

Reference #: 1576636

Modified date: 14 July 2017
