Inbound Web Service Calls without Basic Authentication

Mujtaba Amin Bh
Mega Guru

‎08-04-2017 05:15 AM

Hi Guys,

Is there a possibility in ServiceNow to do Inbound Web Service calls by using ws-security plugin without doing basic authentication?

Actual requirement is to do inbound and outbound web service calls without exchanging user credentials between ServiceNow and Third Party system.

For outbound calls I believe mutual authentication will work but not sure how to do this for inbound calls to ServiceNow.

Any ideas on how to approach this?

Labels:
0 Helpfuls
  • 3,028 Views
9 REPLIES 9

Stefan Baldhof1
Kilo Guru

‎08-04-2017 05:40 AM

Hi Mujtaba,



in addition to Lasses reply this might help: Make a page public



But I agree with him regarding the necessity of this requirement!



Regards,


Stefan


0 Helpfuls

antin_s
ServiceNow Employee
ServiceNow Employee

‎08-06-2017 08:37 PM

Hi Mujtaba,



This can be achieved by unchecking the below mentioned checkbox in the Resource form of Scripted Web Service.




find_real_file.png



Hope this helps. Mark the answer as correct/helpful based on impact.



Thanks


Antin


Preview file
205 KB

antin_s
ServiceNow Employee
ServiceNow Employee
In response to antin_s

‎08-07-2017 08:48 PM

Hi mujtababhat ,



Did you get a chance to try it?



If my reply has helped your question, can you please mark it as correct to help the community?



Thanks


Antin


0 Helpfuls

Mohammad Nayeem
Tera Expert
In response to antin_s

‎04-20-2018 04:29 AM

Hello Antin,

 

You are right! By using this check-box, we can enable/disable the Authorization requirement for incoming REST Web-Service calls.

 

Can you let me know how to achieve the exact same thing for incoming SOAP Web-Service calls? I don't see an option in the Scripted SOAP Services.

 

Regards,

Mohammad

0 Helpfuls

Mohammad Nayeem
Tera Expert

‎04-20-2018 04:37 AM

Hi,

Are you referring to incoming REST call or SOAP call?

For incoming REST call, you have the option under Security Tab of the REST Resource to suppress the authentication requirement (see Antin's explanation in this discussion). This would impact only that particular REST Resource.

I have similar requirement for incoming SOAP call. I know that we could use the system property "glide.basicauth.required" to achieve this, but this would impact all the exposed SOAP Resources. I want this to be enabled for one specific SOAP Service. Any help on this would be deeply appreciated.

Regards,

Mohammad Nayeem

0 Helpfuls