After upgrading to PAM 4.2.1 or 4.2.2, the ServiceNow integration no longer works. When a user enters the ServiceNow information as part of a connection attempt or password view, the following error occurs.

PAM-CM-1236: Could not log into ServiceNow server with the provided credentials.

The error also occurs when using the Test Connection in the associated password view policy.

Privileged Access Manager 4.2.1 & 4.2.2

The NIM component used as part of the ServiceNow integration was upgraded in the 4.2.1 release. Part of the NIM upgrade included hardening of characters allowed by the target account used by NIM to connect with ServiceNow to only alphanumeric characters. In this case, the target account contained a period which failed the validation check.

To confirm this is the issue, the following errors will be in the Tomcat logs.

2025-05-06T17:49:44.515+0000 SEVERE [Thread-205] com.cloakware.cspm.server.app.CaNimCommon.updateIntegration Unable to update '#####' configuration. Error Code = 400, jsonResponse = <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Error xmlns="http://ns.ca.com/2013/06/sm-normalization">
    <ErrorCode>227</ErrorCode>
    <ErrorMessage>Invalid input for the field: username: Invalid input. Please conform to regex ^[^.-@&lt;&gt;_][A-Za-z0-9_.@-]([\w ]+)+$ with a maximum length of 80 </ErrorMessage>
    <HTTPResponseCode>BAD_REQUEST</HTTPResponseCode>
    <HTTPResponseCodeValue>400</HTTPResponseCodeValue>
</Error>
.....
2025-05-06T17:49:44.518+0000 SEVERE [TP2] com.ca.pam.rest.PAUtil.generateExceptionFromAppCtx PAM-CM-1236: Could not log into ServiceNow server with the provided credentials.

Open a case with PAM Support to request a hotfix that allows the following characters in the target account name.

a-z - All small chars from a-z
A-Z - All camel chars from A-Z
0-9 - All numbers
dot(.) 
space()
Hyphen(-)
Underscore(_)
At(@)