Madrid: JWT Token setup for OAuth - magically disappearing x509 Cert record

Mark Tubesing
Tera Expert

Working in personal dev instance on Madrid and trying to follow the instructions here:

https://docs.servicenow.com/bundle/madrid-platform-administration/page/administer/security/task/JWT-...

First issue is that the doc refers to "Multi-Provider SSO > x509 Certificate" to set up the cert.  I don't find that in my instance nav.  Not sure if I'm missing a role?

Ignoring that, I can compose a JWT Keys record and in the Signing Keystore field, I can also create a new x.509 cert record.  I upload the *.P12 file with the password and validate the keystore. 

When I update/save and return to the JWT key record - the x509 cert record has disappeared.  Have tried multiple ways/times to save the x509 Cert record and it just seems to disappear.

What am I missing here?  Thanks!

1 ACCEPTED SOLUTION

hharkema
ServiceNow Employee

Hi marktubesing,

  • Did you install the plugin 'Integration - Multiple Provider Single Sign-On Installer'?
  • Did you check if the key record is there in "System Definition >> Certificates"?
  • If I'm not mistaken the signing keystore needs to be of type 'Java Keystore'. I think you created a PKCS12 keystore.
  • To convert PKCS12 into a Java Keystore run something like:
keytool -importkeystore -srckeystore key.p12 -srcstoretype pkcs12 -srcalias privatekey -destkeystore key.jks -deststoretype jks -deststorepass somepass -destalias privatekey

Best,

hharkema
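
Added example, not part of the original thread and not ServiceNow or keytool code: a standard-library Python check that tells a JKS file from a PKCS12 one by its leading bytes and lists the entries of a JKS file, so the result of the conversion above (alias 'privatekey' as a private-key entry) can be confirmed before upload. The function names and SAMPLE_JKS (constructed dummy bytes) are assumptions made for this example.

```python
import struct
MAGICS = {b"\xfe\xed\xfe\xed": "JKS", b"\xce\xce\xce\xce": "JCEKS"}
KINDS = {1: "PrivateKeyEntry", 2: "trustedCertEntry"}
# Constructed sample, not a real keystore: dummy key/cert bytes, zeroed digest.
SAMPLE_JKS = (b"\xfe\xed\xfe\xed" + struct.pack(">IIIH", 2, 1, 1, 10) + b"privatekey"
              + bytes(8) + struct.pack(">I", 4) + b"KEY!" + struct.pack(">IH", 1, 5)
              + b"X.509" + struct.pack(">I", 4) + b"CERT" + bytes(20))

def keystore_type(data: bytes) -> str:
    """Classify keystore bytes as JKS, JCEKS, PKCS12 or unknown."""
    if data[:4] in MAGICS:
        return MAGICS[data[:4]]
    # PKCS#12 is ASN.1: SEQUENCE tag 0x30, a length, then INTEGER version 3.
    if len(data) >= 2 and data[0] == 0x30:
        skip = 2 + (data[1] & 0x7F if data[1] & 0x80 else 0)
        if data[skip:skip + 3] == b"\x02\x01\x03":
            return "PKCS12"
    return "unknown"

def jks_entries(data: bytes) -> list:
    """List (alias, kind) pairs in a JKS file; the store password is not needed."""
    if keystore_type(data) != "JKS":
        raise ValueError("not a JKS keystore")
    version, count = struct.unpack_from(">II", data, 4)
    pos, entries = 12, []
    def take(fmt):  # read one big-endian value at pos and advance past it
        nonlocal pos
        (value,) = struct.unpack_from(fmt, data, pos)
        pos += struct.calcsize(fmt)
        return value
    def skip(fmt):  # length-prefixed field: advance past it, return its bytes
        nonlocal pos
        n = take(fmt)
        pos += n
        return data[pos - n:pos]
    for _ in range(count):
        tag = take(">I")
        if tag not in KINDS:
            raise ValueError("unknown entry tag %d" % tag)
        alias = skip(">H").decode("utf-8")  # Java writeUTF string
        pos += 8                            # creation timestamp
        certs = 1
        if tag == 1:
            skip(">I")                      # encrypted private key
            certs = take(">I")              # length of the certificate chain
        for fmt in ([">H", ">I"] if version == 2 else [">I"]) * certs:
            skip(fmt)                       # certificate type (v2 only), then DER
        entries.append((alias, KINDS[tag]))
    return entries
```

To use it on a real file, pass open("key.jks", "rb").read() to both functions; an unconverted .p12 reports PKCS12, and a converted file should list ('privatekey', 'PrivateKeyEntry').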

2 REPLIES

Thanks.  What I was missing was the plugin you mentioned.  Unfortunately, I don't see mention of that pre-req anywhere in the documentation I was working from.