Salesforce Spoke Integration with ServiceNow using JWT


Description

On Salesforce end

  1. From your Salesforce account, create a connected app.
  2. Configure the connected app to enable your Salesforce application to share data with your ServiceNow instance.
    1. Select Enable OAuth Settings and configure the authentication settings.
    2. Select Use Digital Signatures and upload a Java KeyStore (JKS) certificate.
    3. Select the OAuth scopes:
      • Access and manage your data (api)
      • Perform requests on your behalf at any time (refresh_token, offline_access)
    4. Specify the ServiceNow instance URL as the Callback URL, in this format: https://<instance-name>.service-now.com/oauth_redirect.do
  3. After creating the connected app, under OAuth Policies on the Edit Policies page, set these values:
       Field              Value
       Permitted Users    Admin approved users are pre-authorized
       IP Restrictions    Relax IP Restrictions
  4. Record the values of Consumer Key (client_id) and Consumer Secret (client_secret).
  5. Configure user provisioning for the connected app as required.
    1. Manage the connected app and add the profile of the user.


On ServiceNow Instance end

  1. Attach a Java Key Store certificate to the Salesforce spoke (follow the documentation for all fields and steps).
    1. System Definition > Certificates > New
    2. Fill in the form:
       Field                 Description
       Name                  Salesforce Certificate
       Type                  Java Key Store
       Key store password    Password associated with the certificate.
    3. Click the attachments icon and attach the JKS certificate.
    4. Click Validate Stores/Certificates to validate the certificate.
  2. Create a JWT signing key for the Salesforce spoke (follow the documentation for all fields and steps).
    1. System OAuth > JWT Keys > New
    2. Fill in the form:
       Field                  Description
       Name                   Salesforce JWT Keys
       Signing Keystore       Valid JKS certificate attached in the previous task. For example, Salesforce Certificate.
       Signing Algorithm      Algorithm to sign with the JWT key.
       Signing Key Password   Password associated with the signing key.
    3. Click Submit.
  3. Create a JWT provider for the Salesforce spoke (follow the documentation for all fields and steps).
    1. System OAuth > JWT Providers > New
    2. Fill in the form:
       Field                   Description
       Name                    Salesforce JWT Provider
       Signing Configuration   JWT signing key from the previous step. For example, Salesforce JWT Keys.
    3. Right-click the form header and click Save.
       The Standard Claims and Custom Claims related lists are displayed.
    4. In the Standard Claims related list, enter values for iss, sub, and aud:
       Name   Description
       iss    client_id (Consumer Key) of the connected app from Salesforce
       sub    Username of the Salesforce user
       aud    The authorization server's URL, used as the audience value: https://login.salesforce.com, https://test.salesforce.com, or https://site.force.com/customers
    5. Click Update.
  4. Register Salesforce as an OAuth provider (follow the documentation for all fields and steps).
    1. System OAuth > Application Registry > New (What kind of OAuth application? > Connect to a third party OAuth Provider)
    2. Fill in the form:
       Field                Description
       Name                 Salesforce OAuth
       Client ID            Consumer Key that you generated during the Salesforce connected app configuration.
       Client Secret        Consumer Secret that you generated during the Salesforce connected app configuration.
       Token URL            OAuth server token endpoint.
       Default Grant type   JWT Bearer
    3. Save the form.
    4. The system validates the OAuth credentials and populates the Redirect URL field. It also creates an OAuth Entity Profile with Grant Type set to JWT Bearer and a default name, for example Salesforce JWT provider default_profile.
    5. Click Update.
  5. Create credential records for the Salesforce spoke and test the OAuth token flow.
    1. Connections & Credentials > Credentials > New
    2. Fill in the form:
       Field                  Description
       Name                   Salesforce Credentials
       OAuth Entity Profile   OAuth profile that was created when you registered the Salesforce connected app as an OAuth provider. For example, select Salesforce OAuth default_profile.
    3. Save the record.
    4. Click Test - Get OAuth Token.
    5. Result: OAuth token flow completed successfully.