Description
Michael Gettes
15 hours ago
I am trying to configure ServiceNow with SCIMv2 other/generic provisioner. In the External Systems I have defined ServiceNow as WS (bearer token auth) which doesn’t seem to work as ServiceNow appears to want to specify a username AND a password along with base URL. I am getting the following errors in diagnostics:
Select group from Target Error: Selecting specific group(s) (elapsed: 0:00:01.538)
java.lang.RuntimeException: Error connecting to 'get' 'https://slacdev.servicenowservices.com/api/now/scim/Groups?filter=displayName%20eq%20%22GrouperRoleTest%22, body: 'null' returnCode: 401, response: '"error":
,"status":"failure"'
at edu.internet2.middleware.grouper.app.scim2Provisioning.GrouperScim2ApiCommands.executeMethod(GrouperScim2ApiCommands.java:441)
at edu.internet2.middleware.grouper.app.scim2Provisioning.GrouperScim2ApiCommands.executeGetMethod(GrouperScim2ApiCommands.java:391)
at edu.internet2.middleware.grouper.app.scim2Provisioning.GrouperScim2ApiCommands.retrieveScimGroup(GrouperScim2ApiCommands.java:755)
at edu.internet2.middleware.grouper.app.scim2Provisioning.GrouperScim2TargetDao.retrieveGroup(GrouperScim2TargetDao.java:174)
at edu.internet2.middleware.grouper.app.provisioning.targetDao.GrouperProvisionerTargetDaoAdapter.retrieveGroupHelper(GrouperProvisionerTargetDaoAdapter.java:2735)
at edu.internet2.middleware.grouper.app.provisioning.targetDao.GrouperProvisionerTargetDaoAdapter$6.callLogic(GrouperProvisionerTargetDaoAdapter.java:1268)
at edu.internet2.middleware.grouper.app.provisioning.targetDao.GrouperProvisionerTargetDaoAdapter$6.callLogic(GrouperProvisionerTargetDaoAdapter.java:1260)
at edu.internet2.middleware.grouper.util.GrouperUtil.executorServiceSubmit(GrouperUtil.java:14112)
at edu.internet2.middleware.grouper.app.provisioning.targetDao.GrouperProvisionerTargetDaoAdapter.retrieveGroups(GrouperProvisionerTargetDaoAdapter.java:1294)
at edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningDiagnosticsContainer.appendSelectGroupFromTarget(GrouperProvisioningDiagnosticsContainer.java:1605)
at edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningDiagnosticsContainer.runDiagnostics(GrouperProvisioningDiagnosticsContainer.java:202)
at edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningType$2.provision(GrouperProvisioningType.java:72)
at edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningLogic.provision(GrouperProvisioningLogic.java:77)
at edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioner.provision(GrouperProvisioner.java:850)
at edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2ProvisionerConfiguration$1.callLogic(UiV2ProvisionerConfiguration.java:234)
at edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2ProvisionerConfiguration$1.callLogic(UiV2ProvisionerConfiguration.java:229)
at edu.internet2.middleware.grouper.util.GrouperCallable$1.callback(GrouperCallable.java:203)
at edu.internet2.middleware.grouper.GrouperSession.callbackGrouperSession(GrouperSession.java:1000)
at edu.internet2.middleware.grouper.util.GrouperCallable.callLogicWithSessionIfExists(GrouperCallable.java:200)
at edu.internet2.middleware.grouper.util.GrouperCallable.call(GrouperCallable.java:166)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: java.lang.RuntimeException: Invalid return code '401', expecting: 200, 404
at edu.internet2.middleware.grouper.app.scim2Provisioning.GrouperScim2ApiCommands.executeMethod(GrouperScim2ApiCommands.java:428)
... 23 more
(edited)
Michael Gettes
13 hours ago
doc for ServiceNow SCIM api is at: https://developer.servicenow.com/dev.do#!/reference/api/utah/rest/scim-api
Michael Gettes
11 hours ago
@mchyzer
can we add a userid?
Michael Gettes
11 hours ago
ServiceNow supports OAuth — will this work with the OIDC you have in Grouper? https://docs.servicenow.com/bundle/vancouver-platform-security/page/integrate/authentication/task/provisioning-user-oauth.html
Michael Gettes
11 hours ago
i’m trying to get with SNow admin to give the OAuth a try.
Michael Gettes
10 hours ago
So the OAuth capability on SNow is far more involved. We’d have to set up an OIDC provider some place. So, I am wondering if we can meet the needs of the basic auth mech they claim to provide for SCIM at https://docs.servicenow.com/bundle/vancouver-platform-security/page/integrate/authentication/task/provisioning-user-basic-auth.html
Chris Hyzer
3 hours ago
all scim ive seen is bearer token. we can add basic auth, thats what is needed right?
New
Michael Gettes
2 hours ago
I believe so. The above urls apppear to be the extent of the docs.