Authentication Options through MID Server
05-30-2023 07:49 AM
What authentication methods are available using the MID Server to make an outbound REST call to Ansible? We need to use the MID Server to resolve the local DNS. It does work with Basic Authentication, but we would like something more secure, for example OAuth 2, and we have been unable to get anything other than Basic Auth to work. We are using FLOW with Ansible Spoke.
Yes, there are limitations already stated in the documentation, so more looking for some out-of-the-box thinking from the community on what options we might have. Thanks in advance.

06-07-2023 01:32 AM
Hey Ryan,
There is always the option to build your own REST message operations. I’ve done that in a simpler example here.
In short, you can use the flow designer to build a subflow for your integration. I’ve done that in the past quite successfully whenever we have integrations which require:
1) To run via the mid-server
2) Use an authentication bearer token
The way this works is pretty straightforward:
1) Create a subflow with at least 3 inputs: Authorization URL endpoint (where you’d retrieve the token from), Integration URL endpoint, referenced authentication credential (We mostly use a credential record to store an encrypted credential for retrieving the authorization token)
2) Have your first interaction get the authorization token (I would propose you use the way I’ve linked in the article). NOTE: we’ve encountered a bug, where we need to insert a step to decrypt the credential referenced in the input and encrypt it again in a temporary variable (this should do nothing, but it fixes an issue where the MID Server wouldn’t decrypt the credential - don’t ask me why this works, I don’t know…). Put the token into a temporary variable.
3) Create another API call and add the authentication token into the REST header.
4) Transform the output and add some error handling.
The important part is to utilize the MID Server via the scripting I posted as a reference and decrypt the credential on the MID Server. Otherwise, the credential is decrypted on the ServiceNow side and then pushed to the MID Server unencrypted. The credential will then appear in logging and the ECC queue. NOTE: if you have basic authentication for the authorization endpoint, you can use the OOTB REST call action and just add it to the authentication parameters. Only if you need to provide a credential in another place (e.g. the body or endpoint URL) might you need to use the custom scripting from the article.
Overall this allows you to implement any integration with any endpoint using token-based authentication. The same principle applies when working with session-based REST endpoints. Just open a session with one action and then execute your actions within that session, handing over the session parameters.
In short: Almost anything you can do in JavaScript is codeable in reusable actions. Please feel free to generalize and parametrize these custom subflows, as you can then create a set of subflows for each of the authentication methods you require. Also note that a session + token based integration is possible by just combining the two.
Hope this helps.
Regards
Fabian
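
The reply above warns that a credential decrypted on the instance side ends up in logging and the ECC queue. The following JavaScript is an added example, not part of the post or the linked article: it checks exported ECC queue payloads or MID Server log lines for clear-text credentials after such a subflow has run. The record ids, payload strings and parameter names are constructed samples, not real exports.

```javascript
// Added example: flag clear-text credentials in exported ECC queue payloads
// or MID Server log lines. All sample data below is constructed.
const PATTERNS = [
  // Require the header name so prose such as "Basic Authentication" is ignored.
  { kind: 'basic-header',  re: /Authorization:\s*Basic\s+([A-Za-z0-9+\/]{8,}={0,2})/gi },
  { kind: 'bearer-header', re: /Authorization:\s*Bearer\s+([A-Za-z0-9._~+\/-]{16,}=*)/gi },
  // Form-encoded secrets in a request body; "&" may be XML-escaped as "&amp;".
  { kind: 'body-secret',   re: /\b(?:client_secret|password|refresh_token)=([^&\s"<]+)/gi },
];

// Report enough to locate the leak without copying the secret into the report.
function redact(value) {
  return value.slice(0, 4) + '***(' + value.length + ' chars)';
}

function findSecrets(text) {
  const findings = [];
  for (const { kind, re } of PATTERNS) {
    for (const m of text.matchAll(re)) {
      findings.push({ kind, value: redact(m[1]) });
    }
  }
  return findings;
}

// records: [{ id, payload }] exported from the ECC queue or read from a log file.
function scanRecords(records) {
  return records
    .map(r => ({ id: r.id, findings: findSecrets(r.payload) }))
    .filter(r => r.findings.length > 0);
}

// Constructed samples; parameter names are assumptions, not a real export.
const SAMPLE = [
  { id: 'rec-1', payload: '<parameter name="headers" value="Authorization: Basic Q09OU1RSVUNURUQ6U0FNUExF"/>' },
  { id: 'rec-2', payload: '<parameter name="body" value="grant_type=client_credentials&amp;client_secret=constructed-secret-123"/>' },
  { id: 'rec-3', payload: '<parameter name="credential_id" value="PLACEHOLDER_SYS_ID"/>' },
  { id: 'rec-4', payload: 'DEBUG request header Authorization: Bearer constructed.token.value-0123456789' },
];

for (const hit of scanRecords(SAMPLE)) {
  console.log(hit.id, JSON.stringify(hit.findings));
}
```

A record that only references the credential record (rec-3) produces no finding, which is the result to expect when the credential is resolved on the MID Server.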