The CreatorCon Call for Content is officially open! Get started here.

jsrsasign

ewj
Kilo Expert

‎11-06-2015 03:03 PM

i was tasked with integrating ServiceNow with our second-factor authentication vendor (Ping Identity).   the goal was to be able to automate administrative processes that would otherwise be worked on manually and only during business hours.


this brought up the need to use JWTs for our first time.   jsrsasign was the recommended javascript library per our vendor and general googling.   all i had to do was get it working in ServiceNow.   of the many ways this is probably possible, this is how i did it:

requirements:

  • maintain original source code of jsrsasign with the least amount of modification necessary
  • that it works

resources used

process:

  • create script include

        

var jsrsasign = Class.create();
jsrsasign.prototype = {
       initialize: function() {
       },
       type: 'jsrsasign'
};

  • the entire minified source for jsrsasign will be put in the initialize function of the script include.   there were some errors at first relating to window and navigator not being defined.   this was resolved by declaring these as objects before pasting in the jsrsasign code. (i've spared your scroll bars by not pasting in the entire code for jsrsasign-5.0.1-all-min.js.   you would paste in after line 5 in the script example below.)

var jsrsasign = Class.create();
jsrsasign.prototype = {
       initialize: function () {
               var navigator = {};
               var window = {};
       },
       type: 'jsrsasign'
};

  • the other error i had, and the one modification i had to make to the jsrsasign source, was with a primitive type error related to an if statement in the cryptojs library.   this was worked out, thanks to a tip from chrisc., by using JSUtil.notNil.   run a replace on:

if(p)

  • and replace with:

if(JSUtil.notNil(p)) /*modified from original value of if(p)*/

  • next, i created functions that called one of the specific functions from jsrsasign that i needed.

       signJWT: function (alg, sHeader, sPayload, key, pass) {
               var sign = KJUR.jws.JWS.sign(alg, sHeader, sPayload, key, pass);
               return sign;
       },

  • i have another script include that builds and packages the required json headers/payload and sends the request up to our vendor.   i run my new JWT function from that script include by calling:

new jsrsasign().signJWT(alg, sHeader, sPayload, key, pass);

results:

  • instant authenticated request/response to our 3rd party app to deprovision mobile devices.
  • zero-touch results for users around the clock.
0 Helpfuls
  • 5,585 Views
21 REPLIES 21

ewj
Kilo Expert
In response to dmfranko

‎09-19-2016 05:55 PM

i used an external library.   pared out the items i didn't need and added what i wanted into a script include.



var Base64x = Class.create();

Base64x.prototype = {

       initialize: function() {

       },

       

// ==== base64 / base64url ================================

/**

 * convert a Base64 encoded string to a Base64URL encoded string.<br/>

 * Example: "ab+c3f/==" &rarr; "ab-c3f_"

 * @param {String} s Base64 encoded string

 * @return {String} Base64URL encoded string

 */

b64tob64u:function (s) {

       s = s.replace(/\=/g, "");

       s = s.replace(/\+/g, "-");

       s = s.replace(/\//g, "_");

       return s;

},



/**

 * convert a Base64URL encoded string to a Base64 encoded string.<br/>

 * Example: "ab-c3f_" &rarr; "ab+c3f/=="

 * @param {String} s Base64URL encoded string

 * @return {String} Base64 encoded string

 */

b64utob64: function (s) {

       if (s.length % 4 == 2)

   {s = s + "==";

       }else if(s.length % 4 == 3) {

   s = s + "=";

       s = s.replace(/-/g, "+");

       s = s.replace(/_/g, "/");

   }

   return s;

},



               type: 'Base64x'

};

dmfranko
Kilo Guru
In response to ewj

‎09-19-2016 06:05 PM

Excellent.   That was less complicated than I thought it was going to be.


0 Helpfuls

Pranav Bhagat
Kilo Sage
In response to ewj

‎07-21-2017 06:15 AM

Hi Erik


I am not able to run you code ,can you please help me .


Thanks


Pranav


0 Helpfuls

Pranav Bhagat
Kilo Sage
In response to chrisc_

‎07-21-2017 06:13 AM

Hi Chris


The document that you are referring ie Certificate encryption APIs is not accesible ,can you please help me out with it


Thanks


Pranav


0 Helpfuls

ark6
Mega Guru
In response to chrisc_

‎01-05-2018 09:24 AM

Hi Chris,



I am going through the code and found that you have used



var certTools = new CertTools();



Could you please explain if this is a script include?


0 Helpfuls