Does Servicenow support Delinea (Secret Sever) Credential Resolver?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-23-2022 01:41 AM
We are planning to integrate Delinea (earlier called as Thycotic) Secret server with the ServiceNow Discovery tool.
But as per the ServiceNow Product documentation it supports only CyberArk (currently) as Out of Box.
Also I have came across one KB article from Servicenow stating it does not support Thycotic Integration.
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0955942
I am bit confused here, Even Delinea official sites says current version of the Secret Server Credential Resolver has been superseded by the new version documented and published here. But the link does not work.
https://docs.thycotic.com/ssi/current/servicenow/mid-server
Can some one help me understand, Can we integrate the Delinea Secret Server with our Servicenow for Discovery?
If we integrate also, Does Servicenow team support in case of any issue?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2024 08:43 AM - edited 05-31-2024 08:45 AM
I am working on this setup to get external credential storage set up with secret server and haven't been able to get it work. I followed the steps in the Delinea documentation. I see the below error in MID server agent log when I test a credential
2024-05-31T12:30:55.155+0000 ERROR (Worker-Interactive:CommandPipeline-e4807b74fbae465449d6f860beefdcef) [CredentialResolverProxy:321] Problem with client's CredentialResolver: Problem resolving the Credential(null): after 0 ms :
java.lang.Exception: Problem with client's CredentialResolver:
The external credentials API is not installed correctly or is not correct
at com.service_now.mid.services.CredentialResolverProxy.initWithLegacy(CredentialResolverProxy.java:201)
---------
Caused by: java.lang.ClassNotFoundException: com.snc.discovery.CredentialResolver
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:581)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
---------
I can see the class path fine as below
C:\Delinea450>jar tf CredentialResolver.jar
META-INF/
META-INF/MANIFEST.MF
com/
com/snc/
com/snc/discovery/
com/snc/discovery/domain/
com/snc/discovery/service/
META-INF/maven/
META-INF/maven/com.delinea/
META-INF/maven/com.delinea/serviceNow-credential-resolver/
com/snc/discovery/Constants.class
com/snc/discovery/CredentialResolver.class
-----------
So far I have followed the below steps
1) Enabled External Credential Storage in SN and downloaded the plugin from Delinea site
2) Uploaded the CredentialResolver.jar to MID server/JAR files in ServiceNow. Can see it in extlib directory of MID server
3) Run the DelineaMidServerSetupUtility.jar. I am using Just-In-Time method. Was able to authenticate successfully with Secret Server and got the below config parameters
<parameter name="ss_url" value="https://xxx"/>
<parameter name="ss_auth_str" value="xxxxx"/>
<parameter name="proxy_host" value=""/>
<parameter name="proxy_port" value=""/>
<parameter name="vault_type" value="ss"/>
<parameter name="allow_self_signed_certificates" value="false"/><parameter name="is_logging" value="true"/>
<parameter name="log_level" value="4"/>
<parameter name="search_secret_by_name" value="false"/>
<parameter name="auto_comment" value=""/>
<parameter name="cache_url" value=""/>
3) I added the above parameters to the MID server config.xml and restarted the MID service. And when I run a credential test, it fails with errors I mentioned earlier
I just have External Credentials Storage plugin enabled. Do we need the Password Safe External Credential Storage too?
@Michael Walsh Could you please provide sample config parameters that you added to config.xml
Any help will be greatly appreciated
