ICTU / zap2docker-auth-weekly

Zap baseline scanner in Docker with authentication
Apache License 2.0

Problem to test docker api scan #37

Closed tmaior closed 2 years ago

tmaior commented 2 years ago

I've tested this command with the API scan, but the scan doesn't pick up all the Swagger endpoint URLs. All my environments use Keycloak auth for access control. I followed the ZAP API scan documentation to run the auth commands, and for me it doesn't work.

I've tested another application with Keycloak and it also doesn't find the URLs automatically. Does ZAP have any function to run with Keycloak, or does the ZAP scan not work well with Keycloak authentication?

dicksnel commented 2 years ago

Hi, can you post the full output?

And do you have a demo environment available? The scanner should be able to authenticate, but I don't know what kind of token Keycloak uses to manage the session.