On-call subscription not working with AD accounts


Description

Whenever an AD account user is trying to access the subscribe link received from the subscription email, when they click on it and enter the AD account credentials instance keeps on asking for credentials and does not download the calendar invite.

Release or Environment

All the releases starting from London.

Resolution

When we click on subscription URL from the On-Call calendar subscription email preview HTML , there is an API call that is being made when the popup shows up.

API call would look something like below.

"/api/now/on_call_rota/rotaUserICalendar/11e7bd5adb0a7f00e75d4672399619e7/5f3c836bdb3784d0d11ac19115961959/555accfb1b74c0106fdf7510cd4bcb8e" when the popup is displayed.

Below error messages can be seen from the instance app node logs after providing the AD credentials in the popup with response_code=401.

2020-04-12 22:19:07 (653) Default-thread-4 SYSTEM txid=fa968fc3db00 WARNING *** WARNING *** LDAP: LDAP Auth through MID server is not supported!
2020-04-12 22:19:07 (692) Default-thread-4 SYSTEM txid=fa968fc3db00 Logging event: SNC.Auth.LDAP.Login.Failed with parm1: user_name=xyz and parm2: ldapconfigsysid=879256771bec3f006fdf7510cd4bcbea,remoteAddr=157.46.230.141
2020-04-12 22:19:07 (692) Default-thread-4 SYSTEM txid=fa968fc3db00 *** Script: Basic authentication failed for user: xyz
2020-04-12 22:19:07 (693) Default-thread-4 SYSTEM txid=fa968fc3db00 WARNING *** WARNING *** Failed authorization by script include 'BasicAuth'
2020-04-12 22:19:07 (694) Default-thread-4 SYSTEM txid=fa968fc3db00 #700809 [REST API] RESTAPIProcessor : User Not Authenticated
2020-04-12 22:19:07 (694) Default-thread-4 SYSTEM txid=fa968fc3db00 DEBUG: Session inactivity timeout changed for unauthorized session. Inactive_interval=300 seconds
2020-04-12 22:19:07 (694) Default-thread-4 SYSTEM txid=fa968fc3db00 *** End #700809 /api/now/on_call_rota/rotaUserICalendar/11e7bd5adb0a7f00e75d4672399619e7/5f3c836bdb3784d0d11ac19115961959/555accfb1b74c0106fdf7510cd4bcb8e, user: guest, total time: 0:00:00.000, processing time: 0:00:00.000, SQL time: 0:00:00.020 (count: 24), business rule: 0:00:00.000 (count: 2), source: 157.46.230.141 , type:rest, method:null, api_name:null, resource:null, version:null, user_id:5136503cc611227c0183e96598c4f706, response_status:401

This API call only supports basic authentication. If SSO is in use, basic authentication is still required to subscribe with the URL.