jsrsasign

ewj · ‎11-06-2015

i was tasked with integrating ServiceNow with our second-factor authentication vendor (Ping Identity). the goal was to be able to automate administrative processes that would otherwise be worked on manually and only during business hours.

this brought up the need to use JWTs for our first time. jsrsasign was the recommended javascript library per our vendor and general googling. all i had to do was get it working in ServiceNow. of the many ways this is probably possible, this is how i did it:

requirements:

maintain original source code of jsrsasign with the least amount of modification necessary
that it works

resources used

jsrsasign
brackets
service-now community
coffee
sleep iou's

process:

create script include

var jsrsasign = Class.create();
jsrsasign.prototype = {
       initialize: function() {
       },
       type: 'jsrsasign'
};

the entire minified source for jsrsasign will be put in the initialize function of the script include. there were some errors at first relating to window and navigator not being defined. this was resolved by declaring these as objects before pasting in the jsrsasign code. (i've spared your scroll bars by not pasting in the entire code for jsrsasign-5.0.1-all-min.js. you would paste in after line 5 in the script example below.)

var jsrsasign = Class.create();
jsrsasign.prototype = {
       initialize: function () {
               var navigator = {};
               var window = {};
       },
       type: 'jsrsasign'
};

the other error i had, and the one modification i had to make to the jsrsasign source, was with a primitive type error related to an if statement in the cryptojs library. this was worked out, thanks to a tip from chrisc., by using JSUtil.notNil. run a replace on:

if(p)

and replace with:

if(JSUtil.notNil(p)) /*modified from original value of if(p)*/

next, i created functions that called one of the specific functions from jsrsasign that i needed.

       signJWT: function (alg, sHeader, sPayload, key, pass) {
               var sign = KJUR.jws.JWS.sign(alg, sHeader, sPayload, key, pass);
               return sign;
       },

i have another script include that builds and packages the required json headers/payload and sends the request up to our vendor. i run my new JWT function from that script include by calling:

new jsrsasign().signJWT(alg, sHeader, sPayload, key, pass);

results:

instant authenticated request/response to our 3rd party app to deprovision mobile devices.
zero-touch results for users around the clock.

dmfranko · ‎09-19-2016

Hey Erik,

I've been using a similar solution for a while now, but I'm finding that it's not working on Helsinki. It was working on Geneva, but now even using JSUtil.notNil(p) is returning the same 'Primitive type expected (had org.mozilla.javascript.Undefined instead).' Have you used this on Helsinki yet?

chrisc. Any ideas?

Dan

ewj · ‎09-19-2016

still on fuji. i'll have to keep an eye on this for when we go to helsinki.

ewj · ‎09-19-2016

that api looks perfect. oh, where were you Certificate encryption APIs when i needed you back in the day? looking forward to moving over to the new solution.

dmfranko · ‎09-19-2016

This is awesome. The only thing I'm stuck on is the base64toURLEncoding. Are you using some external library for that, or are you able to accomplish it with platform code. Totally agree about the performance improvement!