ServiceNow to SuccessFactors OAuth Setup
01-18-2022 12:13 PM
SuccessFactors has notified us that we will no longer be able to use Basic Authentication for our integrations in the very near future. We currently have an integration set up to pull employee data from SuccessFactors to ServiceNow using Basic Authentication as the mechanism to make the connection. Can anyone point me in the right direction on any tutorials on how to get this changed from Basic Authentication to OAuth in ServiceNow? I have found numerous documents, but none that are specific to the SuccessFactors connection from ServiceNow for this setup. I have also tried following these documents and trying to figure this out on my own, but have had no success in getting it to work.
I have also seen some posts on this site with others struggling to get this set up properly, and even some notes saying that it isn't currently supported OOTB by ServiceNow to connect to SuccessFactors with OAuth. I'm unsure if that is a true statement or not. Any guidance would be appreciated.
- Labels: HR Service Delivery

01-18-2022 12:16 PM
01-20-2022 06:17 PM
Kia ora Jaf,
Possibly not the most helpful response, but, after a few days trying to do it ourselves we ended up getting a consultant to do it for us.
I watched the consultant do it and this guy was an absolute whizz, but he still hit numerous blockers along the way and was constantly debugging here and there.
My advice, if you're not really proficient and can't call on someone else in the organisation then save yourself a few days and outsource this piece of work.
Good luck!
02-09-2022 06:53 PM
Kia ora,
I shared the config we put in on my previous post for another community member, so maybe you will find it helpful too 😃
I haven't had time to tidy things up and move to production yet, so it isn't the world's tidiest scripting as it includes some stuff that was for troubleshooting (don't judge!) - it's fully functioning in Dev environment.
Application Registry /OAuth Provider (global scope)
OAuth Entity Profile (Global scope)
OAuth API Script
We used the script to recreate most steps of the OAuth process. If you can understand the script then you've got a good chance of being able to recreate on your side, but if not then you might be best to use this as evidence / justification for getting someone external to support on this piece 😃
```javascript
var OAuthTupu = Class.create();
OAuthTupu.prototype = Object.extendsObject(OAuthUtil, {
    // Calls the SuccessFactors /oauth/idp endpoint and returns the SAML assertion it issues.
    getAssertion: function() {
        //client secret is stored in a secured location and retrieved below to avoid putting it in the script
        var secret = gs.getProperty('removedforprivacy');
        var r = new sn_ws.RESTMessageV2();
        r.setHttpMethod('post');
        r.setEndpoint('https://api10.successfactors.com/oauth/idp');
        // The secret is appended to the form body as-is; it is not URL-encoded here.
        r.setRequestBody('company_id=removedforprivacy&client_id=removedforprivacy&user_id=removedforprivacy&token_url=https%3A%2F%2Fapi10.successfactors.com%2Foauth%2Ftoken&private_key=' + secret);
        r.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
        var response = r.execute();
        var responseBody = response.getBody();
        // Troubleshooting only: this writes the SAML assertion to the system log.
        gs.info('ET idp response: ' + responseBody);
        return responseBody;
    },

    preprocessAuthCode: function(requestParamMap) {
        requestParamMap.put('access_type', 'offline');
    },

    // Adds the SAML bearer grant parameters to the token request.
    preprocessAccessToken: function(requestParamMap) {
        gs.info('ET hello');
        var assertion = this.getAssertion();
        this.oauthContext.addHeader("Content-Type", "application/x-www-form-urlencoded");
        requestParamMap.put("client_id", "removedforprivacy");
        requestParamMap.put("grant_type", "urn:ietf:params:oauth:grant-type:saml2-bearer");
        requestParamMap.put("company_id", "removedforprivacy");
        requestParamMap.put("assertion", assertion);
        //gs.info("ET: co id" + this.oauthContext.getParameter("company_id"));
        gs.info("ET: header" + this.oauthContext.getHeader("Content-Type"));
        this.oauthContext.setTokenEndpoint("https://api10.successfactors.com/oauth/token");
        var profGr = this.oauthContext.getOAuthProfile();
        gs.info("ET: grant type" + profGr.getValue('grant_type'));
    },

    // Copies the fields of a JSON token response into the response parameter map.
    postprocessAccessToken: function(accessTokenResponse) {
        // Troubleshooting only: this writes the full token response, access token included, to the system log.
        gs.info('ET: response: ' + accessTokenResponse.getBody());
        var contentType = accessTokenResponse.getContentType();
        if (contentType && contentType.indexOf('application/json') != -1) {
            var tokenResponse = (new global.JSON()).decode(accessTokenResponse.getBody());
            var paramMap = accessTokenResponse.getparameters();
            // 'var' keeps the loop variable from leaking into the global scope
            for (var param in tokenResponse)
                paramMap.put(param, tokenResponse[param].toString());
        }
    },

    type: 'OAuthTupu'
});
```
REST Message
HTTP Method - Authentication
HTTP Method - Request
These are the custom filters which you might not need other than the $format = json.
NOTE - The yellow warning about token not being available is remedied by part of the OAuth API Script which gets a refreshed token each time it runs
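Added example, not part of the original post and not ServiceNow or SAP code: the two form bodies used by the script above (the `/oauth/idp` assertion request and the `saml2-bearer` token request), built with every value URL-encoded, plus a helper that redacts secret-bearing fields before a response is logged. It is plain JavaScript with no ServiceNow APIs; the helper names, `cfg` values and sample key are constructed placeholders.

```javascript
// Added example: plain JavaScript with no ServiceNow APIs. All values are constructed.

// Encode a flat object as application/x-www-form-urlencoded, escaping every value.
function formEncode(params) {
    return Object.keys(params).map(function (k) {
        return encodeURIComponent(k) + '=' + encodeURIComponent(String(params[k]));
    }).join('&');
}

// Decode a form body the way a receiving server does ('+' means space).
function formDecode(body) {
    var dec = function (s) { return decodeURIComponent(s.replace(/\+/g, ' ')); };
    var out = {};
    body.split('&').forEach(function (pair) {
        var i = pair.indexOf('=');
        out[dec(pair.slice(0, i))] = dec(pair.slice(i + 1));
    });
    return out;
}

// Body for the assertion request (the /oauth/idp call in the post).
function buildIdpBody(cfg, privateKey) {
    return formEncode({ company_id: cfg.companyId, client_id: cfg.clientId,
        user_id: cfg.userId, token_url: cfg.tokenUrl, private_key: privateKey });
}

// Body for the token request (the saml2-bearer grant in the post).
function buildTokenBody(cfg, assertion) {
    return formEncode({ company_id: cfg.companyId, client_id: cfg.clientId,
        grant_type: 'urn:ietf:params:oauth:grant-type:saml2-bearer', assertion: assertion });
}

// Replace secret-bearing fields with a length marker before anything is logged.
var SENSITIVE = ['access_token', 'refresh_token', 'assertion', 'private_key'];
function redactForLog(obj) {
    var out = {};
    Object.keys(obj).forEach(function (k) {
        out[k] = SENSITIVE.indexOf(k) !== -1 ? '[redacted, ' + String(obj[k]).length + ' chars]' : obj[k];
    });
    return JSON.stringify(out);
}

// Constructed sample values (placeholders, not real identifiers or key material).
var cfg = { companyId: 'EXAMPLECO', clientId: 'EXAMPLE_CLIENT_ID', userId: 'svc.integration',
    tokenUrl: 'https://api10.successfactors.com/oauth/token' };
var sampleKey = 'AbC+dEf/GhI=';
console.log(buildIdpBody(cfg, sampleKey));
console.log(redactForLog({ access_token: 'abc123', token_type: 'Bearer', expires_in: 86399 }));
```

A base64 value concatenated into the body without encoding arrives with each `+` turned into a space, which is the failure `formDecode` makes visible.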