Authentication Verifier Settings

This document is for:
Invicti Enterprise On-Premises

You can install the authentication verifier service and verifier agents to verify that you run authenticated scans in your local environment.

If the website that you scan requires form authentication, it is recommended that you install an authentication verifier agent. This agent validates the authentication so that you can be sure your scans run authenticated in your network.

Starting with Invicti Enterprise On-Premises 2.3, the Authentication Verifier Agent communicates with the Authentication Verifier Service to verify the login.

You can install the Authentication Verifier Agent without installing the verifier service. However, the Authentication Verifier Agent works properly only if you install the Authentication Verifier Service first.

This topic explains how to install the Authentication Verifier Service and the Authentication Verifier Agent.

Authentication Verifier Settings is available in the Invicti Enterprise On-Premises edition only.

For further information, see Overview of Settings in Invicti Enterprise and Invicti Editions.

Authentication Verifier Settings fields

This table lists and explains the fields on the Authentication Verifier Settings page.

| Field | Description |
| --- | --- |
| Authentication Verifier Service URL | This is the URL at which the Authentication Verifier Service is running. The URL must have /authverificationhub at the end. For example, your URL should look like: https://onprem.netsparker.com:5000/authverificationhub. To access the verifier service, you must bind the Invicti AV Service to the domain name or IP address. |
| Service Token | This is the token that enables the communication between the Authentication Verifier Service and the Invicti Enterprise Web Application. |
| Access Token | This is the token that enables the communication between the Authentication Verifier and the Authentication Verifier Service. |

How to view the Authentication Verifier
  1. Log in to Invicti Enterprise.
  2. From the main menu, select Settings > Authentication Verifier.

Installing Invicti Enterprise Authentication Verifier Service

How to install the Authentication Verifier Service
  1. Run the AuthVerifierServiceSetup.exe that comes with the .zip file.
  2. On the Select Installation Folder step, select Next to install the Verifier Service to the default folder, or select Browse to choose an installation folder and then select Next.
  3. On the Ready to Install step, select Install.

This installs the Authentication Verifier Service and creates InvictiAVService in Internet Information Services (IIS).

After the installation, you need to configure the communication between the Authentication Verifier Service and the Invicti Enterprise Web Application.

How to configure the Authentication Verifier Service
  1. Log in to Invicti Enterprise.
  2. From the main menu, select Settings > Authentication Verifier.
  3. Copy the Service Token value.
  4. Navigate to the Invicti Enterprise Authentication Verifier Service folder. (By default, it is under C:\Program Files (x86)\. If you installed it to a different location, check that location.)
  5. Find and open the appsettings.json file.
  6. Paste the Service Token value into the RootApiToken value.
  7. Save and close the file.
  8. Open the IIS Manager and restart the InvictiAVService listed under Sites.

Any change to the appsettings.json file, such as changing the token, requires restarting the Authentication Verifier Service before it takes effect. To restart, open the IIS Manager and restart the InvictiAVService listed under Sites.

These steps let you run the Authentication Verifier Service and establish the communication between the Authentication Verifier Service and the Invicti Enterprise Web Application.
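Steps 4 to 8 of the configuration procedure can also be scripted. The following PowerShell is an added example, not part of the Invicti product or its documentation; the install folder is a placeholder parameter, and it assumes RootApiToken appears exactly once somewhere in appsettings.json. Because the token sits in that file in clear text, the script also lists who can read it.

```powershell
# Added example (not Invicti code). Run in an elevated Windows PowerShell session.
param(
    # Placeholder: folder the Authentication Verifier Service was installed to.
    [Parameter(Mandatory)] [string] $ServiceFolder,
    [string] $SiteName = 'InvictiAVService'
)
$ErrorActionPreference = 'Stop'
Import-Module WebAdministration

# Prompt for the Service Token so it does not end up in command history.
$secure = Read-Host -Prompt 'Service Token' -AsSecureString
$token  = [System.Net.NetworkCredential]::new('', $secure).Password
if ([string]::IsNullOrWhiteSpace($token)) { throw 'Service Token is empty.' }

$settingsPath = Join-Path $ServiceFolder 'appsettings.json'
$settings = Get-Content -LiteralPath $settingsPath -Raw | ConvertFrom-Json

# Assumption: the page does not show where RootApiToken sits in the file, so
# walk the parsed tree and return every object that carries that property.
function Find-Owner($Node, [string] $Name) {
    if ($Node -is [System.Management.Automation.PSCustomObject]) {
        if ($Node.PSObject.Properties.Name -contains $Name) { $Node }
        foreach ($p in $Node.PSObject.Properties) { Find-Owner $p.Value $Name }
    } elseif ($Node -is [System.Array]) {
        foreach ($item in $Node) { Find-Owner $item $Name }
    }
}
$owners = @(Find-Owner $settings 'RootApiToken')
if ($owners.Count -ne 1) {
    throw "Expected one RootApiToken in $settingsPath, found $($owners.Count)."
}

# -Depth keeps nested sections from being flattened to strings on write.
$owners[0].RootApiToken = $token
$settings | ConvertTo-Json -Depth 32 |
    Set-Content -LiteralPath $settingsPath -Encoding UTF8

# The token is stored in clear text, so show which identities can read the file.
(Get-Acl -LiteralPath $settingsPath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize

# Changes to appsettings.json take effect only after the site restarts.
Stop-Website -Name $SiteName
Start-Website -Name $SiteName
```

Review the ACL output before moving on: read access to this file is equivalent to holding the Service Token.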

You can install an authentication verifier agent, as specified in the following instructions, to verify the form authentication on the New Scan page.

Installing Invicti Enterprise Authentication Verifier

The Invicti Enterprise Authentication Verifier is installed using a wizard.

Starting with Invicti Enterprise On-Premises 2.3, the Authentication Verifier Agent communicates with the Authentication Verifier Service to verify the login.

In order to continue using the Authentication Verifier Agent, you must uninstall the older versions.

How to install the Invicti Enterprise Authentication Verifier
  1. Run the AuthVerifierAgentSetup.exe file.
  2. On the Welcome to the Invicti Enterprise Authentication Verifier Setup Wizard window, select Next.
  3. Select Browse if you want to install the Authentication Verifier to a different folder than the default folder. Select Next.
  4. On the Invicti Enterprise Authentication Verifier Agent Settings step, enter the AV Service URL and API Token. The AV Service URL field is already completed (for example, https://onprem.netsparker.com:5000). In the API Token field, enter your access token. (You can find your access token on the Authentication Verifier page under Settings.)
  5. Select Next.
  6. Select Install.

After the installation, navigate to the Invicti Enterprise Authentication Verifier Agent folder. (By default, it is under C:\Program Files (x86)\. If you installed it to a different location, check that location.) Open the appsettings.json file. For example, it should look like the following:

If you configured the agent mode as Cloud on the Website page, set the Agent Type value to Cloud in the appsettings.json file.

To manage your authentication verifier agents, log in to Invicti Enterprise. From the main menu, select Agents > Manage Verifiers. For further information, see Managing Authentication Verifier Agents in Invicti Enterprise.

Installing multiple authentication verifier agents

If you want to install more than one authentication verifier agent on the same system, first install Invicti Enterprise Authentication Verifier Agent, as usual, using the AuthVerifierSetup.exe file.

How to install multiple Agents on the same operating system
  1. Copy all files from the default Authentication Verifier Agent’s folder to the new Verifier Agent’s folder. The default installation path is: C:\Program Files (x86)\Invicti Enterprise Authentication Verifier Agent.

For example, if you decided to use Agent-2 as the new Agent name, you could use this command to copy all files to the new Agent’s folder:

xcopy "C:\Program Files (x86)\Invicti Enterprise Authentication Verifier Agent\*.*" "C:\Program Files (x86)\Invicti Enterprise Authentication Verifier Agent-2" /yie

This will create a new directory in C:\Program Files (x86)\Invicti Enterprise Authentication Verifier Agent-2 and copy in all the required files.

  2. Locate the new Verifier Agent’s folder and open the appsettings.json file with a text editor. Set the new Agent’s name.
  3. Open a command prompt in Windows with Administrator rights and install the new Verifier Agent as a Windows Service using these commands:
  • This command changes the current folder to the new Agent’s folder:

cd C:\Program Files (x86)\Invicti Enterprise Authentication Verifier Agent-2

  • This command installs the new Verifier Agent as a Windows Service:

Invicti.Cloud.Agent.exe /i

  • This command starts the new Agent’s Windows Service:

Invicti.Cloud.Agent.exe /s

If more than one authentication verifier agent is installed on your machine, Invicti shows a drop-down to select the verifier agent you want to use.
