
Description

This article explains how to:

  • set up an OIDC provider (Okta) on a ServiceNow instance
  • generate an identity token using a third-party client such as Postman
  • make inbound API calls to ServiceNow with identity tokens generated by a third-party OIDC provider.

Instructions

OIDC stands for OpenID Connect (http://openid.net/connect/).
It is an authentication layer on top of OAuth 2.0.
It allows clients, like ServiceNow, to verify the identity of the end user by sending the JWT containing the end-user information to the OIDC provider.

1) Create a free Okta developer account

https://developer.okta.com/signup/

2) Create a new application -> type -> Web

with the settings below

3)

a) The login redirect URI is:

https://getpostman.com/oauth2/callback

b) Create a user (with an email address) and associate this user with the application

4) On the ServiceNow instance, go to
System OAuth -> Application Registry

What kind of OAuth application?
Select -> 'Configure an OIDC provider to verify ID tokens.'

5)

a) Provide a name

b) Enter the Client ID and Client Secret from the Okta application created in step 2

c)

 Please check the below screenshots:
 
 
6) Create a user in the sys_user table with an email matching the user created in step 3 (b)
 
7) To generate the ID token:
From the Postman REST client, click on OAuth 2.0 -> Authorization -> Get New Access Token. Fill in the details to match the configuration done above. Sample call -

 
8) Once you click on “Request Token”, you will be prompted with an authorization screen for the OIDC provider endpoint. Provide the details of the user created in step 3 (b)

 

9) The endpoint will respond with an access token and an id_token. Copy the id_token and validate it in https://jwt.io/

 

10) Make a call to the ServiceNow REST endpoint with the header ‘Authorization’ and the value ‘Bearer <id_token>’
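
An added example (not part of the original article and not ServiceNow or Okta code): a local check of the id_token from step 9 before it is sent in step 10, confirming that its claims line up with the client ID from step 5 (b) and the sys_user email from step 6. The issuer URL, client ID, user, and the use of the `email` claim for user matching are assumptions with placeholder values; the signature is not verified here.

```python
import base64
import json
import time


def _b64url_json(segment):
    """Decode one base64url JWT segment into a dict (restores stripped padding)."""
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj


def inspect_id_token(token, issuer, client_id, user_email, now=None, user_claim="email"):
    """Return problems found in header/claims; the signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWS: expected 3 dot-separated segments"]
    try:
        header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    except ValueError:
        return ["header or payload is not base64url-encoded JSON"]
    now = time.time() if now is None else now
    problems = []
    if str(header.get("alg", "")).lower() in ("", "none"):
        problems.append("unsigned token (alg missing or 'none')")
    if claims.get("iss") != issuer:
        problems.append(f"iss {claims.get('iss')!r} is not the expected issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud {aud!r} does not contain the client ID")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("exp is missing or in the past")
    # user_claim="email" and the case-insensitive match are assumptions of this example.
    if str(claims.get(user_claim, "")).lower() != user_email.lower():
        problems.append(f"{user_claim} claim does not match the sys_user email")
    return problems


def make_sample_token(claims, alg="RS256"):
    """Build a constructed token with a dummy signature (sample input only)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': alg, 'typ': 'JWT'})}.{enc(claims)}.c2ln"


SAMPLE_CLAIMS = {"iss": "https://idp.example/oauth2/default", "aud": "0oa-placeholder-client-id",
                 "exp": 2000000000, "email": "jane.doe@example.com"}  # constructed placeholders
SAMPLE_TOKEN = make_sample_token(SAMPLE_CLAIMS)
```

An empty list from `inspect_id_token` means the claims are consistent with the configuration; each string in a non-empty list names one mismatch to fix before making the call in step 10.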

Article Information

Last Updated: 2019-09-11 21:44:50
Published: 2019-09-12