- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hey there, team.
I've been working on this Jira / SNow bidirectional integration for a bit, and we've reached a snag that I can't seem to unravel.
We can create and update fields in SNow and have them send to Jira. But when we make a Jira update, the webhook triggers the subflow, but we immediately error out with a security error at "Look up problem record."
When I look at the execution log, it says the subflow is being run by "guest." So, I changed the Run As configuration to be System Administrator, and tested again, but it's still running as Guest.
In order to try and correct this, I even temporarily granted our "guest" account Admin privileges, but that didn't override the security constraints.
What am I missing?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago - last edited 3 weeks ago
Hello @Venjamin
The subflow is running as Guest because the Jira webhook request is unauthenticated. The "Run As" configuration is ignored for unauthenticated triggers.
The solution is to authorize the inbound webhook request using the Token Verification method built into the ServiceNow Jira Spoke.
-
Create a Token Verification record.
-
Use the complete Callback URL (which includes the token as a query parameter) from the Jira Webhook Registry when configuring the webhook in Jira.
-
This token authorizes the request, allowing the subflow to execute under the System User context, thereby resolving the security error.
For detailed steps, refer to the ServiceNow Community article A Practical Use for Setting Up Jira to ServiceNow Bi-Directional Integration with Webhooks
If my response has helped you, hit the helpful button, and if your concern is solved, do mark my response as correct.
Thanks & Regards
Viraj Hudlikar.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago - last edited 3 weeks ago
Hello @Venjamin
The subflow is running as Guest because the Jira webhook request is unauthenticated. The "Run As" configuration is ignored for unauthenticated triggers.
The solution is to authorize the inbound webhook request using the Token Verification method built into the ServiceNow Jira Spoke.
-
Create a Token Verification record.
-
Use the complete Callback URL (which includes the token as a query parameter) from the Jira Webhook Registry when configuring the webhook in Jira.
-
This token authorizes the request, allowing the subflow to execute under the System User context, thereby resolving the security error.
For detailed steps, refer to the ServiceNow Community article A Practical Use for Setting Up Jira to ServiceNow Bi-Directional Integration with Webhooks
If my response has helped you, hit the helpful button, and if your concern is solved, do mark my response as correct.
Thanks & Regards
Viraj Hudlikar.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Thank you for your response.
I did use the token and the complete callback URL. I just validated the URL again just to make sure that it was still an exact match for the callback URL.
From what I can see, that is the entire process we've followed, we're just getting locked out for some reason. Is there another security location or property that maybe I'm not seeing?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
I redid the token, and removed the "secret" on Jira side, and the communication is enabled now. Thank you all for your assistance.
