The CreatorCon Call for Content is officially open! Get started here.

Encryption Field Not working when using web sevices. setContextID, setDisplayValue functions not working when using web service

santoshsahoonis
Kilo Guru

Hi,

I am using a encryption field in my incident form.
When i'm updating the incident from service now UI, then the encrypted field is getting updated properly.

But, when I'm updating the same incident form via SOAP web services, the encrypted field is not getting updated.
I have used setContextID and setDisplayValue functions for that encryted field.

I think that setContextID is not working for web services.
kindly, let me know any workaround or any solution to this problem.


Thanks & Regards,
Santosh Sahoo

5 REPLIES 5

Christopher_Mal
ServiceNow Employee
ServiceNow Employee

I am also seeing this issue and I am looking into it.


Hi,
I am also facing the same issue.
The difference is I am trying to incorporate script into calculated box by checking calculated checkbox inside encrypted field's dictionary and the script doesn't work but the same script works for normal text box field.
Any idea on this?


Hopefully this helps someone.

In dealing with the issue I had this is what I found and pieced together from the below wiki articles.

My incoming web services were being pushed off to a scheduler and the transform and process of that data was running as system.

Setting the value of an glide_encrypted field relies on a user to have a specific context. Not even admin can override this. When incoming web services came into my instance they ran as system. System is not a user with an encryption context.
Even when I impersonate users within the code I was prevented (as shown in the first wiki article here) from inheriting the encryption context.

http://wiki.servicenow.com/index.php?title=Encryption_Support_FAQ

http://wiki.servicenow.com/index.php?title=Encryption_Support_Plugin

http://wiki.servicenow.com/index.php?title=Encryption_Scripting


Chris, you're exactly right.



For security, this cannot be done.


Imports, scheduled reports, email processing, scheduled jobs and anything else that run "in the background" use impersonation (the real job runner is technically "system") and decryption is prevented in impersonated and non-interactive sessions due to security.



The best I could do in my attempts is get an odd value back when I used the "gs.getEncryptionContext()":


8f0810bddc29ad00faa533ccb739cec3:null // [sys_id_of_encryption_context]:null


All of my .getDisplayValue() calls returned blank.



See the Encryption Support FAQ wiki, section 1.8:


Import Sets run as user System. Therefore, import sets cannot add data to encrypted fields.