Need help to establish a connection with mTLS authentication with OAuth JWT assertion for added security

Venkata Krishna
Tera Contributor

We have a requirement where the vendor needs mTLS + OAuth JWT assertion to generate an access token.

> We have generated a custom cert using a Java keystore in our MID tier (the ServiceNow-provided cert is not acceptable to the vendor due to wildcard characters in the common name) and imported the keystore into the ServiceNow Certificates folder. We also imported the vendor PEM cert into the Certificates folder.

> Created a protocol profile.

> Created a JWT key entry with reference to the keystore created above. Algorithm used: RSA 256. The vendor is using HS256.

> Created a JWT Provider entry with the claims provided by the vendor.

> Created an OAuth application registry entry with JWT bearer as grant type and also enabled the mutual authentication flag.

When trying to generate the token we get the error below:

the request is missing a required parameter, includes an unsupported parameter value (other than grant type),repeats a parameter, includes multiple credentials,utilizes more than one mechanism for authenticating the client, or is otherwise malformed.


1 ACCEPTED SOLUTION

Venkata Krishna
Tera Contributor

Hi Srikanth,


The KB is helpful. We were able to establish the connection already with the steps below.

> Created a custom DNS entry and redirected it to the ServiceNow instance. Created a custom URL for the instance by installing the plugin (not sure whether this step is needed, but it was created as part of one of the resolutions provided for a certificate issue).

> Installed the JKS file with the custom cert signed by a CA authority, and the trust source cert from the vendor, in the Certificates folder.

> Created a protocol profile for the keystore created above.

> Created a JWT key entry with the client secret provided by the vendor as the signing key (HMAC 256).

> Created a JWT provider with reference to the JWT key created above.

> Created a REST message with the mutual authentication flag enabled, referencing the protocol profile, and created HTTP methods for accessing the token and the resources.

> The HTTP methods inherit mutual trust from the REST message, and their HTTP headers and content parameter variables get their values from Flow Designer custom action scripts (JWT assertion, JWT token and payloads, UUID (v4 style)).


2 REPLIES

srikanthgunuru
ServiceNow Employee

Hi Venkata Krishna,

Yes, JWT OAuth 2.0 + mTLS is supported.

The following KB article:

https://www.servicenow.com/docs/bundle/xanadu-platform-security/page/integrate/authentication/task/c...

