Authentication - Documented SSO Solutions

The following SSO providers have documented solutions for automation.

We will aim to test ZAP with as many of these providers as possible in order to provide specific ZAP integration details. If you would like to help with this effort then please get in touch 😁.


Suggested way to get a session token using a direct grant:

curl \
  -d "client_id=myclient" \
  -d "client_secret=40cc097b-2a57-4c17-b36a-8fdf3fc2d578" \
  -d "username=user" \
  -d "password=password" \
  -d "grant_type=password" \

Way to check if the user session is still valid:


Expected failure likely to be a 401 with:

    "error": "invalid_request",
    "error_description": "User session not found or doesn't have client attached on it"