Using PowerShell and REST API to collect data from ServiceNow through SAML authentication
02-28-2023 06:24 AM - edited 03-02-2023 07:35 AM
When I attempt to use the following PowerShell code, I am getting a 401 Unauthorized error. I have confirmed the username and password are accurate, and the user has roles for itil, rest_service, snc_platform_rest_api_access, and rest_api_explorer, and is also an admin on our instance.
Our ServiceNow login uses SAML authentication, so I'm assuming it is related to this, but I have not been able to find a solution.
Any help would be appreciated!
Here's the code I'm working with:
# Eg. User name="admin", Password="admin" for this code sample.
$user = "admin"
$pass = "admin"
# Build auth header
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $user, $pass)))
# Set proper headers
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add('Authorization',('Basic {0}' -f $base64AuthInfo))
$headers.Add('Accept','application/json')
# Specify endpoint uri
$uri = "https://<Instance Name>.service-now.com/api/now/table/sc_req_item?sysparm_query=active%3Dtrue%5Ecat_item%3D34f20fecdb657c103fca9709f496195a&sysparm_display_value=all&sysparm_fields=number%2Cactive%2Cshort_description&sysparm_limit=10"
# Specify HTTP method
$method = "get"
# Send HTTP request
$response = Invoke-RestMethod -Headers $headers -Method $method -Uri $uri
# Print response (Invoke-RestMethod returns the parsed body, which has no RawContent property)
$response | ConvertTo-Json -Depth 5
02-28-2023 02:48 PM
The 401 Unauthorized error indicates that the credentials provided in the authentication header are not valid or not authorized to access the requested resource. In your case, since ServiceNow uses SAML authentication, you may need to obtain an access token or session token using SAML authentication and include it in the authentication header.
You can use the ServiceNow API Explorer to generate the code required for obtaining an access token using SAML authentication. Here are the steps:
1. Log in to your ServiceNow instance and go to the API Explorer (https://<your_instance_name>.service-now.com/api-docs/index.html#!/authentication/Samlv2_post).
2. Expand the "SAMLv2" section and click on the "POST /authn/samlv2" operation.
3. In the "Request" section, enter the SAML assertion XML in the "saml_assertion" field. You can obtain the SAML assertion XML by configuring your SAML identity provider to send SAML assertions to ServiceNow.
4. Click on the "Try it out!" button to send the request and obtain the access token.
5. In the "Response" section, copy the "access_token" value.
6. Modify your PowerShell code to include the access token in the authentication header as follows:
# Eg. User name="admin", Password="admin" for this code sample.
$user = "admin"
$pass = "admin"
# Build SAML assertion
$saml_assertion = "<enter your SAML assertion XML here>"
# Set proper headers
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add('Authorization', "Bearer <enter your access token here>")
$headers.Add('Accept','application/json')
$headers.Add('Content-Type','application/json')
$headers.Add('Saml-Assertion', $saml_assertion)
# Specify endpoint uri
$uri = "https://<your_instance_name>.service-now.com/api/now/table/sc_req_item?sysparm_query=active%3Dtrue%5Ecat_item%3D34f20fecdb657c103fca9709f496195a&sysparm_display_value=all&sysparm_fields=number%2Cactive%2Cshort_description&sysparm_limit=10"
# Specify HTTP method
$method = "get"
# Send HTTP request
$response = Invoke-RestMethod -Headers $headers -Method $method -Uri $uri
# Print response (Invoke-RestMethod returns the parsed body, which has no RawContent property)
$response | ConvertTo-Json -Depth 5
Make sure to replace <enter your SAML assertion XML here> and <enter your access token here> with the actual values obtained from the API Explorer. Also, replace <your_instance_name> with the actual name of your ServiceNow instance.
03-02-2023 07:34 AM
Thank you for your in-depth reply.
I was able to readjust the user in ServiceNow to work with basic auth, so I no longer need this solution, but I wanted to flesh out your explanation to confirm if it would have worked, to hopefully help someone in the future. I was unable to find the SAMLv2 section in the REST API Explorer page, as you described it.
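An added example, not written by any poster in this thread: the basic-auth Table API call from the question, with the credentials prompted for through Get-Credential instead of hard-coded, and the 401 case reported explicitly. The function names are hypothetical, the query is simplified from the one in the question, and `<Instance Name>` remains a placeholder to replace.

```powershell
# Added example; the instance name is a placeholder and must be replaced.
$instance = '<Instance Name>'

function New-BasicAuthHeader {
    # Build the Basic Authorization header from a PSCredential so the
    # password never has to be written into the script file.
    param([Parameter(Mandatory)][pscredential]$Credential)
    $net  = $Credential.GetNetworkCredential()
    $pair = '{0}:{1}' -f $net.UserName, $net.Password
    $b64  = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($pair))
    @{ Authorization = "Basic $b64"; Accept = 'application/json' }
}

function Get-ActiveRequestItems {
    # Hypothetical helper: query sc_req_item and surface HTTP failures clearly.
    param(
        [Parameter(Mandatory)][string]$Instance,
        [Parameter(Mandatory)][pscredential]$Credential
    )
    $query = 'sysparm_query=active%3Dtrue&sysparm_fields=number%2Cactive%2Cshort_description&sysparm_limit=10'
    $uri   = "https://$Instance.service-now.com/api/now/table/sc_req_item?$query"
    $headers = New-BasicAuthHeader -Credential $Credential
    try {
        # Invoke-RestMethod returns the parsed JSON body; Table API rows are under 'result'.
        (Invoke-RestMethod -Headers $headers -Method Get -Uri $uri).result
    }
    catch {
        $resp = $_.Exception.Response
        if ($null -eq $resp) { throw }   # DNS/TLS/connection failure, no HTTP status
        $status = [int]$resp.StatusCode
        if ($status -eq 401) {
            Write-Warning "401 for user '$($Credential.UserName)': the instance rejected the credentials sent in the Basic header."
        }
        else {
            Write-Warning "HTTP $status from $uri"
        }
        throw
    }
}

# Prompt interactively instead of hard-coding user name and password.
$cred = Get-Credential -Message "ServiceNow account for $instance"
Get-ActiveRequestItems -Instance $instance -Credential $cred |
    Format-Table number, short_description
```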
03-01-2023 10:11 AM
Please mark the answer as correct, if useful.