Allowing external access to Processor

Go to solution
David King
Giga Contributor

‎08-11-2018 08:03 PM

Hi all,

I'm looking at setting up a processor that allows shorter URL's to KB articles. I was wondering if there's a good way to allow external access (Via ACL?) to a specific processor?

Background

Links to our KB articles currently look like:

https://instancename.service-now.com/csm?id=kb_article&sys_id=7abc123odadoiwagbdwaiohvsuicpoe6

I've got a processor which shortens the links to:

https://instancename.service-now.com/help?article=KB00001

The marketing department will be much happier pasting this into their social media links!

The Processor

It's a relatively simple thing that executes the following:

(function process(g_request, g_response, g_processor) {
	
	var article = g_request.getParameter("article");
	
	//Query table for Knowledge article
	var kb = new GlideRecord('kb_knowledge');
	kb.addQuery('number',  article); //Key, query value
	kb.query();
		
	//Default url if not found
	var url = 'https://devinstance.service-now.com/csm';
	
	//While we have results
	while (kb.next()) {
		if (kb.number.toString() == article.toString()){
			url = url + '?id=kb_article&sys_id=' + kb.sys_id.toString();
		}
	}
	//Redrect to base csm addr or found kb article
	g_processor.redirect(url);
		
})(g_request, g_response, g_processor);

The CSM endpoint is accessible by external users, they don't need to be logged in to navigate the service portal and read KB and News articles.

However, this processor is set up in the global namespace with the previously mentioned /help endpoint.
Navigating to <instance.com>/help requires a user to log in.

Is there a safe way to enable access to this specific endpoint for external users?
Any comments are appreciated!

Regards,

David

0 Helpfuls
  • 3,166 Views
1 ACCEPTED SOLUTION

Go to solution
Goran WitchDoc
ServiceNow Employee
ServiceNow Employee
In response to Goran WitchDoc

‎08-13-2018 06:23 AM

Got it.

to make the processor public you need to do 1 or 2 things. If you don't have CSM or any other application that might activate the snc_internal/snc_external roles then you just need step 1.

 

1. Create the processor, go to sys_public.list and add the path there. Then in the url use <path>.do and it will work.

2. if you have the snc-roles thingie. Then you also need to edit the roles field on the processor. Now this isn't visible from start and ServiceNow has been kind to add the role snc_internal there by default which of course the none loggedin user doesn't have. Here you need to remove that and then add the role public instead. 

Then it should work :). I think I'll make a video of this 🙂 and steal your idea about it 😉

 

//Göran

View solution in original post

16 REPLIES 16

Go to solution
Goran WitchDoc
ServiceNow Employee
ServiceNow Employee
In response to Goran WitchDoc

‎08-13-2018 06:23 AM

Got it.

to make the processor public you need to do 1 or 2 things. If you don't have CSM or any other application that might activate the snc_internal/snc_external roles then you just need step 1.

 

1. Create the processor, go to sys_public.list and add the path there. Then in the url use <path>.do and it will work.

2. if you have the snc-roles thingie. Then you also need to edit the roles field on the processor. Now this isn't visible from start and ServiceNow has been kind to add the role snc_internal there by default which of course the none loggedin user doesn't have. Here you need to remove that and then add the role public instead. 

Then it should work :). I think I'll make a video of this 🙂 and steal your idea about it 😉

 

//Göran

Go to solution
David King
Giga Contributor
In response to Goran WitchDoc

‎08-14-2018 12:57 PM

Thanks for your response! The hidden roles field is certainly not a helpful one haha.

I've gone and updated the processor role to public, and tried accessing the endpoint with and without an ACL (Also changed to allow public)

My instance still requires a user to login to access the endpoint, I believe from this point on the issue is with a conflicting ACL, I'll reach out to HI to see if they can help me find which one it is (Somewhere amid the thousands of records)

I'm assuming it'll be an ACL set up for this instance specifically, I'll let you know what HI finds from their digging!

In the meantime, feel free to use the idea, would love to see the video when it's up!

Kind regards,

David

0 Helpfuls

Go to solution
Goran WitchDoc
ServiceNow Employee
ServiceNow Employee
In response to David King

‎08-14-2018 02:43 PM

did you add .do on your url. like help.do?....

0 Helpfuls

Go to solution
Goran WitchDoc
ServiceNow Employee
ServiceNow Employee
In response to Goran WitchDoc

‎08-14-2018 02:44 PM

since if you just have help? it will still give you login screen, but if you do help.do? it will(should) work

0 Helpfuls

Go to solution
David King
Giga Contributor
In response to Goran WitchDoc

‎08-14-2018 04:10 PM

I had forgotten to do so, after changing it to help.do it's now redirected me to our SSO login site, which is different to the previous alertbox login, but still requiring a login.

It's curious because going to our instance /csm doesn't require sso, but going to /help.do does, I may have to make an exception somewhere

0 Helpfuls