The CreatorCon Call for Content is officially open! Get started here.

Run Python Script from Service Now Workflow

sachin_namjoshi
Kilo Patron
Kilo Patron

‎01-02-2019 10:45 AM

Hello,

I have developed python script to create users in DUO application for assigning them DUO token.

As per DUO documentation, we can consume DUO REST API only via python, perl or ruby clients. Service now can not consume DUO REST API directly due to security constraints.

I need to consume this python script from service now workflow.

What is the best way to call python script from service now platform?

Regards,

Sachin

 

Labels:
0 Helpfuls
  • 9,862 Views
15 REPLIES 15

Dhravesh Murpan
Mega Expert

‎01-02-2019 05:06 PM

can you tell me what issue you are facing in calling the REST api for DUO directly? I worked on DUO integration and was sucessfully able to create duo user via rest without using Python.

sachin_namjoshi
Kilo Patron
Kilo Patron
In response to Dhravesh Murpan

‎01-02-2019 09:02 PM

I tried to consume DUO REST API directly from service now and I was not successful.

When i contacted DUO support, they said that i need to write middleware script ( e.g python, ruby, perl etc) to consume DUO REST API since DUO REST expects HMAC signature for consuming their API.

Normal User name and password combination authentication doesn't work with DUO REST API.Hence, i was forced to develop python script to consume DUO REST API.

 

Can you give example code in service now to consume DUO REST API?  

 

Regards,

Sachin

TylerTeter
Kilo Guru
In response to sachin_namjoshi

‎01-03-2019 04:03 PM

I tend to agree with Dhravesh, if you can get it done directly using the API, your solution will be more scalable and maintainable than the Python Orchestration method. I would sincerely doubt the user cannot be created directly calling from servicenow.

ServiceNow support custom outbound REST messages where you can customize the parameters sent, if the normal auth doesn't work, and also you can call it via RESTMessageV2 from a workflow script.

https://docs.servicenow.com/bundle/london-application-development/page/integrate/outbound-rest/concept/c_OutboundRESTWebService.html

0 Helpfuls

Praful_1968
Tera Contributor
In response to TylerTeter

‎02-07-2024 11:52 PM

@TylerTeter I'm using the following script to access Cisco Duo Rest API. But i'm getting following error.  Your valuable inputs would be appreciated.

 

var gdt = new GlideDate();
var date = gdt.getByFormat("EEE, d MMM yyyy HH:mm:ss ZZ");
gs.info("Date: " + date);

var key = 'ffefvefevegveffsfeaffcs';
var method = 'POST';
var host_name = 'api-17f1f9ff.duosecurity.com';
var path = '/accounts/v1/account/list';
var param = ' ';
 
var body = date + '\n' + method + '\n' + host_name + '\n' + path + '\n' + param;
gs.info("Canonical representation: " + body);
var mac = new GlideCertificateEncryption();
var signature = mac.generateMac(key, "HmacSHA1", str);
gs.info("Hmac Signature is: " + signature);
 
var sig1 = new GlideDigest();
var sig =   sig1.getSHA1Hex(signature).toLowerCase();
gs.info("Hex value: " + sig);

var user = 'bfuewifriqfrhioofi';

var encodedAuth = GlideStringUtil.base64Encode(user + ':' + sig);
var basicauth = "Basic " + encodedAuth;
gs.info("authorization header is: " + basicauth);


//REST Call
var request = new sn_ws.RESTMessageV2();
request.setHttpMethod('POST');
request.setBasicAuth(user, sig);
request.setRequestHeader('Content-Length','0');
request.setRequestHeader('Content-Type','application/x-www-form-urlencoded');
request.setRequestHeader('X-Duo-Date',date);

var response = request.execute();

gs.info("Response body: "+response.getBody());
gs.info("Request body: "+request.getRequestBody());
 
Response body: {"code": 40102, "message": "Invalid identity in request credentials", "stat": "FAIL"}
0 Helpfuls

Tyler Teter
Tera Contributor
In response to Praful_1968

‎02-08-2024 12:55 AM

This thread takes me back - lots of things have changed with the introduction of Flow Designer since 2019.

 

Based on your error code of 401, it's typically a credential issue, or it's an issue of your calling location. If you need to call this from through the MID server using RestMessageV2 you can use the setMIDServer("name") method.

 

Have you been able to validate if the API works another way? Like in postman or powershell or something? That call help you verify your authorization header is correct.

 

Finally, you can enable REST debug logging and look in the HTTP outbound logs for more verbose error information also.

Cheers!

0 Helpfuls