Pass Credentials Through URL
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-21-2009 06:07 PM
Hello ,
Im trying to use the XML output option via HTTP to gather data and incident information for easy, and on-the-fly usage on our internal IT dashboards.
My only problem is the authentication, in unable to directly consume the XML output because the page requires the user be logged in.
ie
https://instancename.service-now.com/incident_list.do?sysparm_query=u_business_service%3Dd5bdf2180a0a3c1b016460a73dae94b8&sysparm_format=false&XML
This outputs the XML i want, but only when im logged in. When the server side script tries to grab that data, it fails.
Is there a way to pass through the credentials through the URL ? or configure access permissions on this output?.
Iv already analyzed the post data and tried to attach the additional URL variables as follows, with no luck.
user_name=usernamehere&user_password=passwordhere&ni.nolog.user_password=true&rememberme=true&screensize=1280x800&sys_action=sysverb_login¬_important=
Any suggestions ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-21-2009 09:52 PM
An update .. I have half found the solution , iv discovered this WIKI post http://wiki.service-now.com/index.php?title=External_Authentication_(Single_Sign-On_-_SSO)#Unencrypted_HTTP_.28SiteMinder.29
which describes what I want , and although iv got it working with the Unencrypted method , its very insecure. I would like to use the Encrypted Token , but I cant find any information on how to generate one.
Any help would be appreciated.
Cheers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-22-2009 04:24 PM
Anyone?. Iv built a tool thats going to do the job I need, although I cant figure out how to secure the web interface. I really need to implement this encrypted token method, I just dont know where im supposed to generate it.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-22-2009 05:08 PM
You will not get any added security of using an encrypted token over a digested token. You can follow the digested token route in the wiki article and it should suit your needs.
I'm not sure that it is ever a good idea to allow this type of SSO going over the URL. I would make sure that I set the values in the header so that your username and token are SSL encrypted.
Good luck!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-22-2009 05:37 PM
Thanks for the reply Jacob.
Yes, its not an ideal solution , but for the moment its an option that will give me the results I need.
I plan on writing some more web service related solutions eventually.
Regarding the digested token, how do I go about generating the encrypted token string? Is there somewhere in service now that I can do this ?. I didnt see this mentioned in the WIKI post, just what algorithms are used.
I tried just encrypting my username using a SHA1 hashing tool on the web, but with no luck.
Cheers