Certificate-based authentication not enforced [New in Security Center 1.3]
The glide.authenticate.mutual.enabled property enables certificate-based authentication, a type of mutual authentication for inbound REST connections to REST and SOAP APIs in the ServiceNow AI Platform.
Mutual authentication establishes trust between server and client by exchanging Secure Sockets Layer (SSL) certificates and validating them with a trusted Certificate Authority. This verifies that a trusted source is connecting to the ServiceNow AI Platform. If this property is not set to the recommended value of true, the instance could be vulnerable to man-in-the-middle (MitM) attacks.
To remediate this security threat, enable mutual authentication for inbound web services. If it's your first time installing the certificate-based authentication plugin (com.glide.auth.mutual) for the ServiceNow AI Platform, then follow the Set up Certificate-based authentication instructions. In addition, ensure that the glide.authenticate.mutual.enabled property is set to true to activate the plugin.
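One way to confirm both conditions from the remediation step above (plugin active, property set to true) in a background script. This is an added example, not ServiceNow's own code: `auditMutualAuth` and its injected `gsApi` and `pluginManager` parameters are hypothetical names, and reporting an undefined property as a finding is an assumption of this example.

```javascript
// Added example: audit the mutual-authentication hardening setting.
// The plugin ID and property name are taken from this page; everything
// else (function and parameter names) is hypothetical.
var PLUGIN_ID = 'com.glide.auth.mutual';
var PROPERTY = 'glide.authenticate.mutual.enabled';

// gsApi must expose getProperty(name); pluginManager must expose isActive(id).
// On an instance these are `gs` and `new GlidePluginManager()`.
function auditMutualAuth(gsApi, pluginManager) {
  var findings = [];

  // The property has no effect unless the plugin is active.
  var pluginActive = pluginManager.isActive(PLUGIN_ID) === true;
  if (!pluginActive) {
    findings.push('Plugin ' + PLUGIN_ID + ' is not active');
  }

  // Property values come back as strings; accept only "true".
  var raw = gsApi.getProperty(PROPERTY);
  var missing = raw === null || raw === undefined;
  var normalized = missing ? '' : String(raw).trim().toLowerCase();
  if (normalized === '') {
    // Assumption: an undefined property is flagged for review rather than
    // trusted to fall back to the documented default.
    findings.push(PROPERTY + ' is not defined');
  } else if (normalized !== 'true') {
    findings.push(PROPERTY + ' is "' + raw + '"; recommended value is true');
  }

  return {
    compliant: findings.length === 0,
    pluginActive: pluginActive,
    propertyValue: missing ? null : String(raw),
    findings: findings
  };
}

// Runs only on an instance, where the platform globals exist.
if (typeof gs !== 'undefined' && typeof GlidePluginManager !== 'undefined') {
  gs.info(JSON.stringify(auditMutualAuth(gs, new GlidePluginManager())));
}
```
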
More information
| Attribute | Description |
|---|---|
| Configuration name | glide.authenticate.mutual.enabled |
| Configuration type | System Properties (/sys_properties_list.do) |
| Data type | boolean |
| Recommended value | true |
| Default value | true |
| Category | Architecture, design, and threat modeling |
| Security risk | |
| Dependencies and prerequisites | None |
| References | |