OAuth 2.0 for Qualys Integration for Security Operations

lyubenkonov
Tera Contributor

Hello Forum,

 

We're migrating the Qualys Vulnerability Integration (Qualys Integration for Security Operations) from Basic Auth to OAuth 2.0 on ServiceNow Zurich.


Qualys's token endpoint (/auth/oidc) seems to require the credentials as two custom HTTP headers named exactly clientId and clientSecret, and returns the raw JWT as a plain string rather than a JSON object with an access_token field... I confirmed this by calling the same endpoint manually with curl, passing the credentials as headers, which returns a valid JWT:

curl.exe -X POST "https://<gateway>/auth/oidc" -H "clientId: <id>" -H "clientSecret: <secret>"

 

ServiceNow's stock OAuth handler doesn't seem to be able to produce either, and the call fails with a 401.


Has anyone successfully configured this integration to use OAuth 2.0?

If so, how did you approach it?

Any tips/tricks are appreciated!

2 REPLIES

Tanushree Maiti
Tera Patron

Hi @lyubenkonov 

 

Can you validate your command once?

 

Refer:

https://www.servicenow.com/community/developer-forum/am-i-able-to-use-curl-command-on-a-developer-in...

 

Also check:

KB1275215 How to configure JWT authentication for inbound API calls 

 

 

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti

Hello Maiti,

Thanks for the provided documents, but they revolve around the inbound direction of traffic:
- KB1275215 is about inbound calls: configuring ServiceNow as a token provider so external clients can call into your instance using JWT. 
- And the curl thread is about Basic-auth'ing into ServiceNow's own REST API (base64 username:password). Also inbound, and about ServiceNow being the target, not the caller.


To clarify - I am asking about an outbound integration (ServiceNow → Qualys), not inbound. The curl works on its own, but the issue is that ServiceNow's built-in OAuth client can't send credentials as custom headers (clientId/clientSecret) on the outbound token request - it only sends Authorization: Basic or body params.
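
The token exchange described in this thread, as an added example that is not code from any poster, ServiceNow or Qualys: plain Node.js JavaScript that builds the header-based request to /auth/oidc and normalises the reply (a bare JWT, or JSON with an access_token field) into a token plus a lifetime read from the JWT's exp claim. The function names, the gateway.example.invalid host used in testing and the sample token are constructed, and the presence of an exp claim in the returned JWT is an assumption.

```javascript
// Added example: plain JavaScript (Node.js); it calls no ServiceNow or Qualys API.
// Function names and the sample token are constructed for illustration.

// Describe the request the thread's curl command sends:
// POST <gateway>/auth/oidc with credentials in the clientId / clientSecret headers.
function buildTokenRequest(gatewayUrl, clientId, clientSecret) {
  return {
    method: 'POST',
    url: gatewayUrl.replace(/\/+$/, '') + '/auth/oidc',
    headers: { clientId: clientId, clientSecret: clientSecret }, // never log these
  };
}

// Decode one base64url-encoded JWT segment into an object.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Accept either a bare JWT string or a JSON body carrying access_token and
// return { access_token, expires_in }, the fields a token cache needs.
function normalizeTokenResponse(body, nowSeconds) {
  let token = String(body).trim();
  if (token.startsWith('{')) {
    const parsed = JSON.parse(token);
    if (typeof parsed.access_token !== 'string') throw new Error('no access_token field');
    token = parsed.access_token;
  }
  token = token.replace(/^"|"$/g, ''); // tolerate a JSON-quoted string body
  const parts = token.split('.');
  if (parts.length !== 3 || parts.some((p) => !/^[A-Za-z0-9_-]+$/.test(p))) {
    throw new Error('response is not a compact JWT'); // e.g. an HTML error page
  }
  const claims = decodeSegment(parts[1]); // read only: the signature is NOT verified here
  if (typeof claims.exp !== 'number') throw new Error('JWT has no numeric exp claim');
  const expiresIn = claims.exp - nowSeconds;
  if (expiresIn <= 0) throw new Error('token already expired');
  return { access_token: token, expires_in: expiresIn };
}

// Constructed sample token with a placeholder signature; exp = 2000003600.
function makeSampleJwt() {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return enc({ alg: 'RS256', typ: 'JWT' }) + '.' +
    enc({ sub: 'constructed-user', exp: 2000003600 }) + '.c2ln';
}
```

The payload is decoded only to compute a cache lifetime; the token is still validated by the service that receives it.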