How do I set up OAuth 2.0 authentication to integrate DX UIM with ServiceNow using sdgtw?
Do I need a username and password to use OAuth with sdgtw?
DX UIM 20.4.* / 23.4
Guidance
To set up OAuth authentication, follow the instructions in the tech doc below:
sdgtw AC Configuration (broadcom.com)>Setup Oauthentication
Note: You still have to enter a Username and Password, because the first request sent to ServiceNow must use Basic Auth. The requests that follow use OAuth.
sdgtw OAuth 2.0 Q&A:
Q: As per the documentation, the first request sent to ServiceNow must use Basic Auth. Is there any possible workaround so that the Basic Auth is not requested at all?
A: No, as of now we don't have any workaround.
Q: Why is Basic Auth needed for the first request?
A: In ServiceNow, OAuth for inbound calls normally uses a grant_type of 'password'. (OAuth inbound calls: your instance provides an endpoint for third-party clients to pull data from the ServiceNow instance.) For grant_type 'password', the fields listed below must be provided. Once the user is authenticated and authorized to generate tokens using these details, ServiceNow provides an access token and a refresh token.
Once the access token has expired, the probe asks ServiceNow for a new access token. This time it does not send the username and password; instead it uses the previously generated refresh token to request the new access token.
Eventually both the access token and the refresh token expire, so both tokens must be generated again using the same fields.
Fields:
grant_type : password
client_id : <client_id>
client_secret : <client_secret>
username : <username to authenticate with the instance>
password : <password>
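The token lifecycle described in this answer, as an added example (not code from the sdgtw probe or from ServiceNow). FakeTokenEndpoint, TokenManager, demo, the token lifetimes and the credential values are all constructed for illustration; the fake endpoint stands in for the instance's token endpoint so the flow runs offline.

```python
class FakeTokenEndpoint:
    """Constructed stand-in for the instance token endpoint; lifetimes are made up."""
    ACCESS_TTL, REFRESH_TTL = 1800, 8640000
    def __init__(self, clock):
        self.clock, self.grants, self.refresh_exp = clock, [], {}
    def post(self, form):
        self.grants.append(form["grant_type"])
        if form["grant_type"] == "refresh_token":
            if self.clock() >= self.refresh_exp.get(form["refresh_token"], 0):
                return 401, {"error": "invalid_grant"}   # refresh token expired
            refresh = form["refresh_token"]
        else:  # password grant issues a fresh access/refresh pair
            refresh = f"refresh-{len(self.grants)}"
            self.refresh_exp[refresh] = self.clock() + self.REFRESH_TTL
        return 200, {"access_token": f"access-{len(self.grants)}",
                     "refresh_token": refresh, "expires_in": self.ACCESS_TTL}

class TokenManager:
    """Hypothetical client: decides which grant to send for each token request."""
    def __init__(self, post, clock, client_id, client_secret, username, password):
        self.post, self.clock = post, clock
        self.client = {"client_id": client_id, "client_secret": client_secret}
        self.user = {"username": username, "password": password}
        self.access, self.refresh, self.access_exp = None, None, 0
    def _store(self, body):
        self.access, self.refresh = body["access_token"], body["refresh_token"]
        self.access_exp = self.clock() + body["expires_in"]
        return self.access
    def access_token(self):
        if self.access and self.clock() < self.access_exp:
            return self.access                     # still valid: no request at all
        if self.refresh:                           # access expired: no username/password sent
            status, body = self.post({"grant_type": "refresh_token",
                                      "refresh_token": self.refresh, **self.client})
            if status == 200:
                return self._store(body)
        # first request, or refresh token rejected: full password grant
        status, body = self.post({"grant_type": "password", **self.client, **self.user})
        if status != 200:
            raise RuntimeError(f"token request failed: {body}")
        return self._store(body)

def demo():
    now = [0]
    ep = FakeTokenEndpoint(lambda: now[0])
    tm = TokenManager(ep.post, lambda: now[0], "cid", "secret", "svc_user", "pw")
    for t in (0, 60, 1800, 8640000):  # first call, cached, access expired, both expired
        now[0] = t
        tm.access_token()
    return ep.grants
```

The final step of demo() is the case where the stored username and password are used again: the refresh token is rejected, so the only way back to a valid token pair is another password grant.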
Q: Is there any possibility to enhance the probe to support OAuth 2.0 Client Credentials (with secret key and client ID) and bypass the Basic Auth requirement for the first request?
A: client_credentials cannot be used for OAuth inbound requests. See the KB article from ServiceNow about this.