Authentication Verifier Settings
You can install the authentication verifier service and verifier agents to verify that you run authenticated scans in your local environment.
If the website that you scan requires a form authentication, it is recommended that you install an authentication verifier agent. This agent helps validate the authentication so that you make sure that you run authenticated scanning in your network.
Information Starting from the Acunetix 360 On-Premises 2.3, the Authentication Verifier Agent communicates with the Authentication Verifier Service to verify the login. You can install the Authentication Verifier Agent without installing the verifier service. However, the Authentication Verifier agent works properly only if you install the Authentication Verifier Service first. |
This topic explains how to install the Authentication Verifier Service and the Authentication Verifier Agent.
Tips Authentication Verifier Settings is available in the Acunetix 360 On-Premises edition only. |
For further information, see Overview of Settings in Acunetix 360 and Comparison Between Acunetix 360 and Acunetix 360 On-Premises Editions.
Authentication Verifier Settings fields
This table lists and explains the fields on the Authentication Verifier Settings page.
Field | Description |
Authentication Verifier Service URL | This is the URL that the Authentication Verifier Service is running. The URL must have /authverificationhub at the end. For example, your URL should be like: https://www.acunetix360.com:5000/authverificationhub To access the verifier service, you must bind the Invicti AV Service to the domain name OR IP Address. |
Service Token | This is the token that enables the communication between the Authentication Verifier Service and the Acunetix 360 Web Application. |
Access Token | This is the token that enables the communication between the Authentication Verifier and the Authentication Verifier Service. |
How to view the Authentication Verifier
- Log in to Acunetix 360.
- From the main menu, select Settings > Authentication Verifier.
Installing Acunetix 360 Authentication Verifier Service
How to install the Authentication Verifier Service
- Run the AuthVerifierServiceSetup.exe that comes with the .zip file.
- On the Select Installation Folder step, select Next to install the Verifier Service to the default folder. Or select Browse to select an installation folder. Select Next.
- On the Ready to Install step, select Install.
This installs the Authentication Verifier Service and creates InvictiAVService in the Internet Information System (IIS).
After the installation, you need to configure the communication between the Authentication Verifier Service and the Acunetix 360 Web Application.
How to configure the Authentication Verifier Service
- Log in to Acunetix 360.
- From the main menu, select Settings > Authentication Verifier.
- Copy the Service Token value.
- Navigate to the Acunetix 360 Authentication Verifier Service folder. (By default, it is under C:\Program Files (x86)\. Installed to a different location? Check that location.)
- Find and open the appsettings.json file.
- Paste the Service Token value into the RootApiToken value.
- Save and close the file.
- Open the IIS Manager and restart the InvictiAVService listed under the Sites.
Warning Any changes in the appsetting.json file, such as changing token, require restarting the Authentication Verifier Service so that the changes can take effect. To restart, open the IIS Manager and restart the InvictiAVService listed under the Sites. |
These said steps let you run the Authentication Verifier Service and establish the communication between the Authentication Verifier Service and the Acunetix 360 Web Application.
You can install an authentication verifier agent, as specified in the following instructions, to verify the form authentication on the New Scan page.
Installing Acunetix 360 Authentication Verifier
The Acunetix 360 Authentication Verifier is installed using a wizard.
Warning Starting from the Acunetix 360 On-Premises 2.3, the Authentication Verifier Agent communicates with the Authentication Verifier Service to verify the login. In order to continue using the Authentication Verifier Agent, you must uninstall the older versions. |
How to install the Acunetix 360 Authentication Verifier
- First, run the AuthVerifierSetup.exe file.
- On the Welcome to the Acunetix 360 Authentication Verifier Setup Wizard window, select Next.
- Select Browse if you want to install the Authentication Verifier to a different folder than the default folder. Select Next.
- On the Authentication Verifier Settings step, enter the AV Service URL and API Token. The API URL field is already completed. In the API Token field, enter your token. You can find this in Authentication Verifier Settings under the Settings menu on Acunetix 360. Select Next.
- Select Install.
After the installation, navigate to the Acunetix 360 Authentication Verifier Agent folder. (By default, it is under C:\Program Files (x86)\. Installed to a different location? Check that location.) Open the appsetting.json file. For example, it should look like the following:
To manage your authentication verifier agents, log in to Acunetix 360. From the main menu, select Agents > Manage Verifiers. For further information, see Managing Authentication Verifier Agents in Acunetix 360.
Installing multiple agents on the same operating system
If you want to install more than one agent on the same system, first install Acunetix 360 Agent, as usual, using the AuthVerifierSetup.exe file.
How to install multiple agents on the same operating system
- Copy all files from the default Agent’s folder to the new Agent’s folder. The default installation path is: C:\Program Files (x86)\Acunetix 360 Authentication Verifier Agent.
For example, if you decided to use Agent-2 as the new Agent name, you could use this command to copy all files to new Agent’s folder:
xcopy "C:\Program Files (x86)\Acunetix 360 Agent\*.*" "C:\Program Files (x86)\Acunetix 360 Authentication Verifier Agent-2" /yie
This will create a new directory in C:\Program Files (x86)\Acunetix 360 Authentication Verifier Agent-2 and copy in all the required files.
- Locate the new Agent’s folder and open the appsettings.json file with a text editor. Set the new Agent’s name.
- Open a command prompt in Windows with Administrator rights and install the new Agent as a Windows Service using these commands:
- This command changes the current folder to the new Agent’s folder:
cd C:\Program Files (x86)\Acunetix 360 Authentication Verifier Agent-2
- This command installs the new Agent as a Windows Service:
Acunetix.Cloud.Agent.exe /i
- This command starts the new Agent’s Windows Service:
Acunetix.Cloud.Agent.exe /s
Information If there is more than one authentication verifier agent installed in your machine, Acunetix 360 shows a drop-down to select the verifier agent you want to use. |