Certificate based authentication for Inbound REST API
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-01-2021 06:00 AM
Hi Community,
I have a challenge at a client with the following scenario:
We want to connect a system to ServiceNow which pushes data into a table. The current system uses a certificate chain incl. client certificate to authenticate on other systems. I created a Scripted REST API with a POST resource - so far so good. The interface user should authenticate via mutual authentication which I implemented following this doc entry: Mutual Authentication. Both, the certificate chain and the client certification is valid. I also matched the client certification to the interface user. But when I now try to use this API I get the HTTP error 401: user not authenticated
{
"error": {
"detail": "Required to provide Auth information",
"message": "User Not Authenticated"
},
"status": "failure"
}I tested this with Postman (stored the client certificate in the "certificates" tab) and set the Authorization to "No Auth" because I want to avoid to use username + password. My expectation was that in this case the mutual authentication works and the incoming request incl. certificate will be matched based on the stored certificate chain and certificate + user match.
Any ideas?
Best regards
- Labels:
-
Integrations
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-01-2021 06:23 AM
Hi
a mutual authentication is an explicit authentication method you have to choose. Just leaving basic auth will not trigger it.
Try the following search at Support Portal: https://support.servicenow.com/kb?id=ns_search&q=mutual%20authentication&spa=1&pp=kb_article_view
You will find there good articles regarding that topic
Kind regards
Maik
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-07-2021 10:28 AM
Hi
In case you think I was able to answer your question, I would be happy if you mark the appropriate response as "correct" so that the question will appear as resolved for other users who may have a similar question in the future.
If not, please tell me what you are still missing.
Many thanks & kind regards
Maik
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-14-2022 07:17 PM
Hi
Hope you're well. We struck at the exact same point where we implemented inbound mutual auth in ROME environment and getting the same error while testing with Postman. Could you please provide your inputs on how have you solved or any leads?
Appreciate your help and thank you 🙂
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-15-2022 06:35 AM
Hi
the problem was that ServiceNow has to perform a datacenter change. If you activate the plugin for mutual authentication it is enabling mAuth for outbound but not inbound. So create an HI ticket and ask the support that they activate your instance for inbound mutual authentication. Sadly it is not covered by any official documentation.
After this change it worked for me.
I am not sure why ServiceNow does not enable inbound mutual authentication with the plugin 😕
Best regards,
Nico
