DocuSign Spoke Configuration Question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-17-2019 05:18 AM
Hi,
I am trying to do a POC for the DocuSign integration and am having some difficulties with OAuth I was hoping someone could help me out with.
I am following this: https://docs.servicenow.com/bundle/newyork-servicenow-platform/page/administer/integrationhub-store-...
I have followed the instructions to a T, and am getting an invalid_grant error when trying to get the token from DocuSign. I am pretty sure my issue is with the Java Key Store certificate part of the configuration. Is this Key Store something that DocuSign provides that I may be missing or is this something I will have to manually create with the public/private RSA keys DocuSign provides?
Any help would be greatly appreciated!
- Labels:
-
IntegrationHub
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-11-2019 08:26 PM
Hi,
Please refer the below link to create Java Key Store (JKS), and follow the steps as mentioned in ServiceNow documentation.
http://www.agentbob.info/agentbob/79-AB.html
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-28-2020 02:17 PM
I've had the same experience as you. I also expect it's the JKS certificate that is the issue but an unsure how it is supposed to be generated / retrieved. Did you manage to get it working?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-28-2020 08:32 PM
I received this response on how to set up the DocuSign spoke from a HI ticket I raised. It explains how to generate the jks file and helped me progress.
Pre-Requisite:
- Should have DocuSign Account
- ServiceNow Instance with DocuSign Spoke Installed
Part 1:
Create an app in your DocuSign Account
- Login to your DocuSign Account
- Navigate to the Admin section & Click on API and Keys
- Click on ADD APP / INTEGRATION KEY button to create an Integration app
- Get hold of Integration Key & Secret Key
- Click on Add RSA Keypair & copy the Public, Private & Keypair ID into safer location
- Enter the value for Redirect URLs (e. g - https://yourinstancename.service-now.com/oauth_redirect.do)
Note: Make sure You select User Application as “Authorization Code Grant”
Part 2:
Generate the JKS File
- Copy the Private key that was generated from your DocuSign Integration app and make a new file key with this private key.
- Create CA signed certificate using private key, please run the below command for this
openssl req -new -x509 -key privatekey.key -out cacert.pem -days 1095
- Create PKCS 12 file using your private key and CA signed certificate, please run the below command for this (Set the Password, whenver it asks)
openssl pkcs12 -export -in cacert.pem -inkey privatekey.key -certfile cacert.pem -out testkeystore.p12
- Now, Create the JKS file by running the below command
keytool -importkeystore -srckeystore testkeystore.p12 -srcstoretype pkcs12 -destkeystore ranDocusign.jks -deststoretype JKS
Part 3:
- Create the oAuth Profile & JWT Provider in your ServiceNow Instance
- Login to your ServiceNow instance
- Navigate to the System Definition -> Certificates & Click on New to create a New Certificate
- Select the Type to Java Key Store & Enter the password which created while Generating JKS file & Attach the JKS file
- Click on Validate Stores/Certificates link
- Navigate to the System oAuth -> JWT Keys & create a new JWS Key
- Select the Previously created Cert for Signing Keystore & Enter the Signing Key
- Navigate to the JWT Providers -> Create new JWT Provider
- Select the Previously created JWT Key for Signing Configuration enter the appropriate values for Standard Claims & Create a new entry in Custom Claims & provide the value for scope. Please access below link for more info
- Navigate to the System oAuth ->Application registries & create a new oAuth Profile
- Enter the ClientID & Client Secret which you have got from DocuSign Integrator app
- Provide the Auth URL as follows https://account-d.docusign.com/oauth/auth
- Provide the Token URL as followshttps://account-d.docusign.com/oauth/token
- Select the Default Grant Type as JWT Bearer
- Now, Save the record
- Create the oAuth Entity Scope (Add your necessary scopes here)
Part 3:
4.1 Obtaining Consent as Individual
- Navigate to the System oAuth ->Application registries -> DocuSign oAuth & Create a new oAuth entity profile with Grant Type as Authorization Code under the oAuth entity profile related list
- Add the necessary scopes for this oAuth Profile as well.
- Navigate to the Connection & Credentials -> Credentials & Create new Credentials of type oAuth 2.0
- Select the oAuth Entity Profile created with Grant type as Authorization Code
- Now, Click on Get OAuth Token Link & enter your DocuSign Username & Password to provide the consent
- Now, Again Create a new credentials of type oAuth 2.0 & select the entity profile of type JWT Bearer
- Click on Get OAuth Link & You can see that oAuth Flow is completed successfully message.
4.2 Obtaining Consent as Organization Admin
- In case of Obtaining Organization Admin Consent for an application owned by your organization, please see the below link
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-06-2023 06:56 AM
@nstarr Good morning! I have a couple questions if you don't mind answering. I've been through all of the steps above. We can validate the JKS cert (Part 3 #7), we can get the Authorization, we get the token from the Authorization Code (Part 4#5), we get the token from JWT Bearer (Part 4 #7) and we have DocuSign all set up. We've even completed the part for the webhook. Our issue is that when we run the Get Accounts flow, we get the error below.
The instructions at the link below add a part 6 to what you put here. It says to create another credential, but I already have an Auth Code & JWT so do I really need a 3rd credentials or just the 2 I have?
How to Set up DocuSign spoke - Support and Troubleshooting (servicenow.com)
Our goal is to have the webhook for pulling all DocuSign accounts, etc into ServiceNow AND also to use the spoke for areas like onboarding for associates to sign documents.
{ "Action Status": { "code": 1, "message": "Error: <,Detail: Unexpected token: <" } }