How To Example: Edge Encryption Rules Creation When Using a Customized Service Portal Page

Description

This article presents an example of creating a customized Edge Encryption rule for one specific use case: a record created from a Service Portal page. This is a single example; the creation of Edge Encryption rules can differ widely depending on what the user is trying to accomplish. This article should not be considered a guide for writing any and all Edge Encryption rules.
The purpose of this Edge Encryption rule is to allow a single encrypted field to be encrypted successfully when a user logged in through the Edge Proxy submits a Service Portal form. In this case the table to be encrypted is incident, with a single string column being encrypted. An attempt to create an incident from a Service Portal form with a single field under an encryption configuration fails with:

"Invalid attempt to insert non-encrypted data into field: u_confidential_data in table: incident."

This requires a custom Edge Encryption rule.

Steps to Reproduce

1. Make sure these plugins are activated:
   - com.glide.service-portal.config
   - com.glide.service-portal.designer
   - com.glide.service-portal.esm
   - com.glide.service-portal.knowledge-base
   - com.glide.service-portal.service-catalog
   - com.glide.service-portal.service-status
   - com.glide.service-portal.sqanda
   - com.glide.service-portal.survey
   - com.snc.contextual_search.service-portal
2. Create a new column in the incident table:
   - Navigate to System Definition > Tables and open the table with Label = Incident.
   - Select Table Columns > New.
   - Fill out the form:
       Type = string
       Column label = Confidential data
       Column name = u_confidential_data
       Max length = 1,000
   - Save.
3. Log into the proxy and create an Edge Encryption Configuration for the new column from step 2.
4. Open any record in the incident table and add Confidential data to the form.
5. From the proxy, create a new incident using the regular incident form with a value in the "Confidential data" field. This is created without error. Verify the encryption by logging into the instance and viewing the new incident; it should show "Confidential data" as encrypted.
6. Navigate to https://<proxy_url>/sp?id=form&table=incident&sys_id=-1&view=Default%20view, which brings up a new incident form in Service Portal. Put a value into the "Confidential data" field and try to save it. The save fails with: "Invalid attempt to insert non-encrypted data into field: u_confidential_data in table: incident."
This is expected since there is no encryption rule to cover this case.

What this looks like in the UI:

   - Put the data to be encrypted into the "Confidential data" field.
   - Select the Save button in the bottom right.
   - The error is shown when trying to save the form and create the incident.

Procedure

Looking at the Request URL in the browser developer tools (in Chrome, Firefox, or IE, for example) at the time the incident form is submitted to create the incident, we see something like the following:

    201 POST
    Request URL: https://<proxy_url>/api/now/sp/uiaction/4df52ee8dba51300123479e49f9619f3
    Response: Invalid attempt to insert non-encrypted data into field: u_confidential_data in table: incident

In Firefox, open Developer > Toggle Tools > Network tab > Headers and note the Request URL in the trace. The Response tab shows the same error message that is seen in the UI ("Invalid attempt to insert non-encrypted data into field: u_confidential_data in table: incident."), which confirms that this is the correct message to build the rule from.

In the Request URL from the trace, the part after /uiaction/ is the sysID of the UI Action that is invoked when the form is submitted. The rule should not be so broad that it affects other rules, but it must still intercept this request. For that reason, create new UI Actions that are tailored to the incident table, so that the rule can later look for their specific paths.

1. On the proxy, navigate to System Definition > UI Action and filter by sysID is <sysID>. In the example above, the sysID is '4df52ee8dba51300123479e49f9619f3'. There should be only one result. This is a global UI Action for Save.
2. Click on that record and change the table to incident. Right-click the toolbar and select Insert and Stay. Do not use Save. Insert and Stay creates a new record and does not change the original Save record. A UI Action Save record that is tailored for the incident table has now been created.
3. In the same place (System Definition > UI Action), find the equivalent global UI Action for Submit and repeat step 2.
4. There are now two new UI Actions on the incident table, one for Save and one for Submit. Keep the sys_ids of these two new records; they are used in the Edge Encryption Rule condition.
5. Create the new Edge Encryption Rule for HTTP Post called IncidentSP. The suggested Order is 5000.

Condition: the sys_ids in the "if" are the two new UI Actions created on the incident table for Save and Submit respectively, so the rule works whether the form is Saved or Submitted:

    function IncidentSPCondition(request) {
        var contentType = request.contentType;
        // Use the sys_ids of the new "Submit" and "Save" UI Actions in the "if" below.
        // Each indexOf() result is compared with -1 separately so that either path matches.
        if ((request.path.indexOf('api/now/sp/uiaction/5ef52ee8dba51300123479e49f96AC12') > -1 ||
             request.path.indexOf('api/now/sp/uiaction/c8d81ae0dba51300123479e49f961915') > -1) &&
            contentType.indexOf('json') > -1) {
            return true;
        }
        return false;
    }

Action:

    function IncidentSPAction(request) {
        var tableName = 'incident';
        // Parse the request body as JSON and walk the fields under 'data'
        var jsonContent = request.getAsJsonContent();
        var jsonNodeIterator = jsonContent.getIterator('data');
        while (jsonNodeIterator.hasNext()) {
            var jsonNode = jsonNodeIterator.next();
            var fieldName = jsonNode.getName();
            // Map each node to the incident column of the same name
            jsonNode.valueFor(tableName, fieldName);
        }
    }

NOTE: Confirm the value to pass to getIterator. In this example it is 'data' (var jsonNodeIterator = jsonContent.getIterator('data');), but it may be some other value such as 'variables' (var jsonNodeIterator = jsonContent.getIterator('variables');). To find the correct getIterator value, use the browser developer tools to check the JSON content: in the Network tab, under Headers, find the Request Payload.
In the example where 'data' is used, this is the Request Payload:

    {"table":"incident","recordID":"-1","data":{"number":{"sys_mandatory":false,"visible":true,"dbType":12,"label":"Number","sys_readonly":false,"type":"string","mandatory":false,"displayValue":"INC0010056","readonly":false,"u_confidential_data":{"sys_mandatory":false,"visible":true,"dbType":-1,"label":"Confidential data","sys_readonly":false,"type":"string","mandatory":false,"displayValue":"dfdfdfdfdfd","readonly":false,"hint":"","name":"u_confidential_data","attributes":{"edge_encryption_enabled":"true"},"choice":0,"value":"dfdfdfdfdfd","max_length":1000,"ed":{"name":"u_confidential_data"}...}}

Example where the iterator is 'variables', from the Request Payload as shown in the developer tools:

    {sysparm_quantity: "1", variables: {new_email: "mymail@mail.com"},…}
      delivery_address: "dfdfdfdf"
      engagement_channel: "sp"
      get_portal_messages: "true"
      referrer: null
      special_instructions: "fdfdfdfdf"
      sysparm_item_guid: "8d95da901bba78501c7c6465604bcb03"
      sysparm_no_validation: "true"
      sysparm_quantity: "1"
      sysparm_requested_for: "me@snc"
      variables: {new_email: "myemail@mail.com"}
        new_email: "myemail@mail.com"

Verify the rule works:

   - Navigate to https://<proxy_url>/sp?id=form&table=incident&sys_id=-1&view=Default%20view
   - Enter Confidential data in the form and select Save (Ctrl + s) at the bottom of the form.
   - The incident is created. It is encrypted if viewed from the normal instance URL, but is decrypted if viewed through the proxy.
   - The incident can also be created from the context menu to verify that Save and Submit both work.

For additional information on creating custom Edge Encryption Rules, refer to the documentation site: https://docs.servicenow.com/csh?topicname=c_EncryptionRules.html&version=latest

Applicable Versions

All versions
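
The rule condition and the getIterator key described above can be checked offline against captured requests before the rule is deployed. The following is an added example, not part of the original article and not ServiceNow code; the mock request objects, the leading slash on the path, the function names and the sample payloads are assumptions constructed for illustration.

```javascript
// Added example, not ServiceNow code. The request objects are plain mocks;
// only `path` and `contentType` mirror the properties the rule reads.
const PREFIX = 'api/now/sp/uiaction/';
const SAVE_ID = '5ef52ee8dba51300123479e49f96AC12';   // incident Save UI Action (from the article)
const SUBMIT_ID = 'c8d81ae0dba51300123479e49f961915'; // incident Submit UI Action (from the article)

// Compare each indexOf result with -1 on its own.
function matchesIncidentSP(request) {
  const path = request.path || '';
  const contentType = request.contentType || '';
  const isTargetAction = path.indexOf(PREFIX + SAVE_ID) > -1 ||
                         path.indexOf(PREFIX + SUBMIT_ID) > -1;
  return isTargetAction && contentType.indexOf('json') > -1;
}

// For comparison only: (indexOf(a) || indexOf(b)) > -1. A "not found" -1 from
// the first lookup is truthy, so || returns it and the second path is never tested.
function combinedForm(request) {
  return (request.path.indexOf(PREFIX + SAVE_ID) ||
          request.path.indexOf(PREFIX + SUBMIT_ID)) > -1 &&
         request.contentType.indexOf('json') > -1;
}

// Top-level payload keys whose object value contains fieldName: the candidate
// argument for getIterator().
function findIteratorKeys(payloadText, fieldName) {
  const payload = JSON.parse(payloadText);
  return Object.keys(payload).filter((key) => {
    const value = payload[key];
    return value !== null && typeof value === 'object' &&
           Object.prototype.hasOwnProperty.call(value, fieldName);
  });
}

// Constructed sample requests (the leading "/" on the path is an assumption).
const JSON_TYPE = 'application/json;charset=UTF-8';
const saveReq = { path: '/' + PREFIX + SAVE_ID, contentType: JSON_TYPE };
const submitReq = { path: '/' + PREFIX + SUBMIT_ID, contentType: JSON_TYPE };
const globalSaveReq = { path: '/' + PREFIX + '4df52ee8dba51300123479e49f9619f3', contentType: JSON_TYPE };
// Constructed payloads shaped like the two Request Payload examples above.
const formPayload = '{"table":"incident","recordID":"-1","data":{"u_confidential_data":{"value":"x"}}}';
const catalogPayload = '{"sysparm_quantity":"1","variables":{"new_email":"user@example.com"}}';

console.log(matchesIncidentSP(saveReq), matchesIncidentSP(submitReq), matchesIncidentSP(globalSaveReq));
console.log(combinedForm(saveReq), combinedForm(submitReq));
console.log(findIteratorKeys(formPayload, 'u_confidential_data'), findIteratorKeys(catalogPayload, 'new_email'));
```

A request for the original global Save UI Action does not match, which keeps the rule scoped to the two incident-specific UI Actions.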