Hello,
This is a very long post however is filled with a significant level of detail to aid in finding a solution.
We are in the process of setting up our ServiceNow Instance to connect to an On-Prem Ansible Tower Instance to aid us in automation within our environment through IntegrationHub. First things first the documentation we found on the docs.service-now.com website and the ansible.com website ate completely different.
and needless to say neither of them worked. and i'm not 100% sure why.
The Setup
Docs.servicenow.com - Register Ansible Tower as OAuth Provider
- Paste the Redirect URL value into the Redirect URI for your custom Ansible Tower application. For example, paste https://<instance-name>.service-now.com/api/sn_ansible_ spoke/ansible_oauth_redirect.
Docs.servicenow.com - Create Credential Record for Ansible Spoke
Problem Number 1, Credentials tab does not exist in the Ansible Record created by the spoke. It is hidden through a rule specifying that the type must be credential not connection and credential.
Ignoring this for the moment, I went to the related lists and added OAuth 2.0 Credentials, Click on New, populate the record and Click Submit.
Problem Number 2, you cannot create a credential associated to the credential alias developed by the tower spoke due to it not being a type of Credential.
To completely get around this, I went to IntegrationHub > Credentials and click New and selected OAuth 2.0 Credential
It's setup as follows:
Docs.servicenow.com - Create Connection Record for Ansible Spoke
- Click Submit.
Ansible.com - Preparing ServiceNow
- Navigate to System Definition > Certificates
- Name: Descriptive name of the certificate
- Format: PEM
- Type: Trust Store Cert
- PEM Certificate: The certificate to authenticate against Ansible Tower with. You can use the built-in certificate on your Tower server, located at /etc/tower/tower.cert. Copy the contents of this file into the field in ServiceNow.
- Navigate to System OAuth->Application Registry
- Select Connect to a third party Oauth Provider
-
On the new application screen, fill in these details:
- Name: Descriptive Application Name
- Client ID: The Client ID you got from Ansible Tower
- Client Secret: The Client Secret you got from Ansible Tower
- Default Grant Type: Authorization Code
- Authorization URL: https://<tower_url>/api/o/authorize/
- Token URL: https://<tower_url>/api/o/token/
- Redirect URL: https://<snow_instance_id>.service-now.com/oauth_redirect.do
- At the bottom, there should be two tabs: Click on the tab Oauth Entity Scopes. Under here, there is a section called Insert a new row…. Double click here, and fill in the field to say Writing Scope. Click on the green check mark to confirm this change.
- click the Oauth Entity Profiles tab. There should be an entity profile populated - click into it.
- You will be taken to the Oauth Entity Profile Window. At the bottom, Type Writing Scope into the Oauth Entity Scope field. Click the green check mark and update.
-
Navigate to System Web Services-> REST Messages. Click the blue New button. In the resulting dialog window, fill in the following fields:
- Name: Descriptive REST Message Name
- Endpoint: The url endpoint of the Ansible Tower action you wish to do. This can be taken from the browsable API at https://<tower_url>/api
- Authentication Type: Oauth 2.0
- Oauth Profile: Select the Oauth profile you created
-
Under the HTTP Methods section at the bottom, click the blue New button. At the new dialog window that appears, fill in the following fields:
- HTTP Method: POST
- Name: Descriptive HTTP Method Name
- Endpoint: The url endpoint of the Ansible Tower action you wish to do. This can be taken from the browsable API at https://<tower_url>/api
- HTTP Headers (under the HTTP Request tab)
- The only HTTP Header that should be required is Content-Type: application/json
-
Under the HTTP Methods section at the bottom, click the blue New button. At the new dialog window that appears, fill in the following fields:
- HTTP Method: GET
- Name: Descriptive HTTP Method Name
- Endpoint: The url endpoint of the Ansible Tower action you wish to do. This can be taken from the browsable API at https://<tower_url>/api
- HTTP Headers (under the HTTP Request tab)
- The only HTTP Header that should be required is Content-Type: application/json
Testing
Something to take into consideration is that in both scenarios the same result / error occurs.
Testing from:
- IntegrationHub > Credentials > Ansible
- System Web Services > Outbound > REST Messages > Ansible Tower
Click on the Related Link
Get OAuth Token
First I am prompted with a long screen to ansible tower (This is unexpected as we have setup an oauth connection between applications)
I Login, and them am prompted to Authorise service-now-application to write to Ansible Tower. I Click on the Authorize button.
Following this I am prompted to login to my ServiceNow Instance, i do so with the system administrator credentials.
Immediately after logging in i get an error telling me the Token URL is incorrect even though it matches exactly to both sets of documentation.
Does Anyone who has setup this spoke have any guidance / suggestions on what may be causing this to fail?
Kind Regards
Nic Nagtzaam
