cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

ServiceNow Authentication Error with App Broker

A customer has the ServiceNow connection set up (to be used as the front end ui, with App Broker as the backend) with App Broker and the tests pass and catalog items sync to ServiceNow, but the ServiceNow admin has brought to my attention that there is an authentication issue going from SN to AB during rest runs. The account we have set up has all of the proper ServiceNow roles set up, but we are still seeing a login error in SerivceNow - please see the screenshot attached. Is this issue caused by a lack of permissions in App Broker somewhere? I've never run into this before with other environments. 

(1) Solution

Jim may have mentioned it (if so, sorry), but be sure that you have basic authentication enabled on the ESD Site (in IIS). Just ran a quick test, and ran into the 401.. Turns out I had disabled basic auth..

View solution in original post

(3) Replies

Coincidentally, I just had this same error reported to me yesterday by one of my co-workers.  This error generally means that either the credentials were not set correctly in the AppPortal Basic Auth profile as part of the integration configuration steps or that one or more of the REST calls is not configured correctly to use the AppPortal Basic Auth profile.  I suppose there is also a slim chance it has something to do with the IIS authentication configuration on the App Broker server (need to enable Basic Auth on the ESD\API folder in IIS), but I think you'd get a different error in that case.

Try the following:

  1. In the Filter Navigator field within ServiceNow, type sys_rest_message.list and hit enter.
    sn_sys_rest_message.jpg
  2. Configure your view to have the Application, Authentication typeBasic auth profile, and Use basic authentication columns; then filter the list to only those messages in the Flexera Software App Portal application scope.
    sn_sys_rest_message_list.jpg
  3. Make sure all 17 entries are set to use Authentication type = Basic, Basic auth profile = AppPortal Basic Auth, and Use basic authentication = false (Note: I also usually like to add the Basic authentication user ID and Basic authentication password columns and make sure those are blanked out as well, but technically as long as Use basic authentication is false, these other two columns shouldn't matter)
  4. In the Filter Navigator field, type sys_rest_message_fn.list and hit enter.
    sn_sys_rest_message_fn.jpg
  5. Configure your view to have the Application, Authentication typeBasic auth profile, Use MID Server, and Use basic authentication columns; then filter the list to only those messages in the Flexera Software App Portal application scope.
    sn_sys_rest_message_fn_list.jpg
  6. Make sure all 17 entries are set to use Authentication type = Basic, Basic auth profile = AppPortal Basic Auth, Use MID Server = <your MID server>, and Use basic authentication = false (Note: I also usually like to add the Basic authentication user ID and Basic authentication password columns and make sure those are blanked out as well, but technically as long as Use basic authentication is false, these other two columns shouldn't matter)
  7. Click on the AppPortal Basic Auth link for any one of the rows in the list view.
  8. If you see a message like this one, click the here link to edit the record.
    sn_record_in_different_scope.jpg
  9. Update the Username and Password fields and click Update.  These credentials are the Active Directory credentials for your App Portal service account, not the integration account in ServiceNow.  Be sure to include the domain name as part of the Username (e.g. FLEXSVCS\AppPortalSvc).
    sn_update_basic_auth_profile_credentials.jpg
Anything expressed here is my own view and not necessarily that of my employer, Flexera. If my reply answers a question you have raised, please click "ACCEPT AS SOLUTION".

Jim may have mentioned it (if so, sorry), but be sure that you have basic authentication enabled on the ESD Site (in IIS). Just ran a quick test, and ran into the 401.. Turns out I had disabled basic auth..

I just check and it was disabled....this could explain it. I'll have him re-check now!