Configuring External Credential Storage for Discovery

Megan28
Kilo Contributor

‎04-16-2020 06:43 AM

Is there anyone out there who has successfully used an external credential storage repository (not CyberArk)? For Discovery, I need to get credentials from a third party vault and store them in the ServiceNow instance.

I've read these docs:
- https://docs.servicenow.com/bundle/newyork-servicenow-platform/page/product/credentials/concept/c_Ex...
- https://docs.servicenow.com/bundle/newyork-servicenow-platform/page/product/credentials/concept/exte...

and I have created a JAR file (that just does some logging for now). I attached the JAR to the mid server. How do I go about executing this JAR so that I can test my code?

Labels:
0 Helpfuls
  • 1,979 Views
10 REPLIES 10

Megan28
Kilo Contributor
In response to Ryan Zulli

‎04-20-2020 07:09 AM

I'm trying to integrate a 3rd party external cred vault so SN Discovery can use those creds. I assumed once obtaining those creds via the mid server that they are stored in a SN instance per this diagram from the docs:
find_real_file.png

Preview file
453 KB
0 Helpfuls

Ryan Zulli
ServiceNow Employee
ServiceNow Employee
In response to Megan28

‎04-20-2020 08:08 AM

no that is not true - once the external credential plugin is enabled and you've written the JAR file to communicate with that credential storage system, the mid server will use a pointer, credential ID.  The mid server retrieves the credential associated with that credential ID, uses it and returns it back to the external credential storage system. We do not store that credential on the instance nor do we send it to the instance.

0 Helpfuls

tim_broberg
ServiceNow Employee
ServiceNow Employee

‎04-27-2020 06:18 PM

find_real_file.png

Hurray! It works!

Here's what I did:

  1. Coded up my little CredentialResolver with a main() method based on the demo version in the docs to debug, but calling into the relevant API and retrieving credentials. Debugged until it mostly works.
  2. Installed the External Credential Storage plugin. (It's free, but has to be installed by ServiceNow?! x^P)
  3. Created a credential to test with, marking it external.
  4. Built my jar file.
  5. Created a jar record for the mid server and attached the jar file. (Mid restarts, synchs jar file.)
  6. Test credential.
  7. Bang head on keyboard.
  8. Tinker with something ineffectual.
  9. (Repeat steps 6 - 9)
  10. Modify package of CredentialResolver to package com.snc.discovery;
  11. (Repeat steps 4 - 6)
  12. Post good news to community.servicenow.com!

    - Tim.

Preview file
14 KB

Megan28
Kilo Contributor
In response to tim_broberg

‎04-29-2020 09:34 AM

Thank you so much for your reply! I can only imagine how good it feels to get to that screen. I've gotten through #6, except that the main() method in my jar is just doing some standard logging because I wanted to see when that method was called. So far I haven't been able to see those logs in the mid server.

Also--did you remove all the boilerplate code that was using a properties file to store the credentials?

Side question - did you find yourself using Java/Spring to make calling out to the API easier? Or did you use a simpler way to make the HTTP call?

0 Helpfuls

Megan28
Kilo Contributor
In response to tim_broberg

‎05-07-2020 06:49 AM

Hi Tim, if you have some time, I would really appreciate if you could take a glance at the questions I asked in my first reply. I'm currently still working through this. Thanks for the help so far!

0 Helpfuls