Diagnosing Authentication Problems

If you ask a question related to authentication on one of the ZAP forums, you will be directed here.

We know that the ZAP authentication documentation needs improving. One of the reasons why it has not been improved is that we are too busy trying to answer authentication questions 😉.

We are currently focusing on improving the authentication docs, which means that we will not have as much time for answering specific questions. This is why you have been redirected here 😄.

Understand Your App

Authentication is hard. We would love to be able to program ZAP to automatically understand all forms of authentication, but that is a long way off.

We probably do not have access to your app, and even if we did, we would not have the time to understand it for you.

This means that you need to understand exactly how your app handles authentication (and session handling) in order to configure ZAP to handle it for you.

Existing Resources

There are a lot of existing resources that can help you:

  • ZAP Authentication - the docs we are currently working on
  • Official ZAP Videos - search for “auth” in the “Tags” field
  • User Group - search for “auth” or similar; more recent answers are likely to be more relevant
  • Developer Group - search for “auth” as per the User Group. Please don’t post your auth questions here; this group is for topics related to adding/changing ZAP code or add-ons. Having said that, there are some historic threads that may assist you.
  • FAQ: How can ZAP automatically authenticate via forms? - note that the Diagnosing Problems section applies to most forms of authentication