ServiceNow integration with Third Party application

shraddhap · ‎05-15-2019

Hello All,

We have a requirement where we need to integrate Servicenow with Third Party application which is IBM Resilient. IBM Resilient is not publicly accessible, so there are some challenges which we are facing.

Since Resilient is not on Public IP so need of MID server is must. But due to some security issue we will not install MID server and we have to use (AXWAY) API Management Gateway. Now we received final API from API Management team and configured Rest Message and set the Authentication as "Oauth 2.0".

Note: We are using Client ID and Client Secret id for Authentication

To establish connection with Resilient API we have to first call Session API which will consist of CSRF Token and JSESSION ID and we got status as 200 OK for Session API . Next step is to call another API which is Comments API which will be used to update worknotes or comment from ServiceNow to resilient.

But when we are calling the second API we need to pass that CSRF Token and Jsession ID which we received from Session API. But it seems its not working for us, it gives us a 401 error i.e "Invalid User name and password combo".

Please let us know if there are any other configuration need to be add in Servicenow which we may missing in our case.

Also is there any other way if we can achieve this kind of Integration when Application is on premise. (behind Firewall)

Please find attached code and let me know if any correction or suggestion.

mmaraj1 · ‎05-15-2019

I have a question. In your sendTaskNotes function, why didn't you include this r.setStringParameterNoEscape('Cookie', 'JSESSIONID=1714127B75152244032417A76DF5654F');?

shraddhap · ‎05-16-2019

Hello,

I forgot to mention that we received CSRF Token but we are not able to get JESSION ID from that application. Would like to know how to parsed JSESSION ID from Cookie which we received from third party application.

mmaraj1 · ‎05-17-2019

What format are you getting the response xml or json?

Terry Carter Jr · ‎05-28-2019

Shraddhap,

Sorry for the delay in the response as I was attending Knowledge 19 in Las Vegas and had to catch up with my work stuff when I got back.

Have you verified that you have the REST MESSAGE properties setup correctly with the correct Authentication Type? You will get the logon credentials from your security team as they will most likely be the ones that set the authentications from these servers. This can cause an issue if you are not utilizing the correct credentials.

Also you will need business rules setup in the application as well. I have the following business rules setup below for my integration:

Resilient Incident Assignment, Resilient Work Notes, Resilient Additional Comments, & Resilient Incident Update.

The IBM Resilient application talks to their server then send this information over to our mid-server which then transmits this info over to ServiceNow and creates, updates, & closes the Security Incidents from within ServiceNow. Also ServiceNow is also able to talk back to the IBM Resilient application as well using this same process. Using a mid-server allows transmitting status back and forth in real-time.

And I forgot to mention that I created a custom application in ServiceNow for this process as well. Doing so allows me to only intervene when something is not working as designed and also allows our Information Resiliency team on-site to do everything from within their IBM Resilient application.

I know I covered alot but please let me know the status of where your organization is with this integration and I will try to help out the best way that I can.

Kind regards,

Terry Carter