Service Now Integration Interfaces :

ServiceNow is a Database driven application. Every peace of data and Configurations within the applications are resides inside database.This data and Configurations are often displayed form of modules,options and forms. Every form in the system is essentially a database table.

 

In Service Now we reference any table by using standard URL format, and to directly access any table or form with in the Service Now instance, simply type the database table name in the URL and Append .do extension to that table name.

Example:  Incidents

URL: https://dev12552.service-now.com/incident.do

1.  Every table in Service Now instance has number of built in interfaces that allow third
     party applications access the data resides within the table.

2. These interfaces are auto regenerated that means any new custom tables/new fields are
     automatically accessible to these interfaces.

3. Each table within the table has web services API set that will provide you CRED 
    operations.

CREAD:

C ==> Create
R ==> Read
E ==> Edit
D ==> Delete

All of this interfaces are protected with basic authentication by default

Proof of Concepts Using SOAP UI:

"Soap UI is an open source web service testing application for service-oriented architectures (SOA). Its functionality covers web service inspection, invoking, development, simulation and mocking, functional testing, load and compliance testing." 

We can use SOAP web service interface(SOAP UI) tool, If we want to explore Web Services functions available.

==> Installation of SOAP UI tool:

1. Download SOAP UI tool from here www.soapui.org
2. Install the downloaded file and Open the tool

 ==> Create Project a Project in SOAP UI:

1. Open SoapUI
2. Click File > New SOAP Project
3. Project Name: IncidentInterface
4. Add WSDL URL: https://.service-now.com/incident.do?WSDL
5. Click OK to finish

 ==> Authentication
 Alternatively users can also set authentication using Auth option available in bottom of tool


 Example 1: Insert new incident

1. Double click the insert operation
 

2. Update the XML file as needed

Sample XML:
-------------------------------------------------------------------------------------------------------------------------


-------------------------------------------------------------------------------------------------------------------------
3. Select the green arrow to submit the soap request
4. You will receive a soap response that the the incident was created. Example response below
-------------------------------------------------------------------------------------------------------------------------



--------------------------------------------------------------------------------------------------------------------------




  Example 2: Update an existing incident

We need to pass sys_id value of the incident record  in XML request for updating an existing incident

Example 3: Delete an Incident

We need to pass sys_id value of the incident record  in XML request for deleting an existing incident

========================================================================

 

 


 





The behavior of a different modules in Service-now instance can be controlled by System Properties.
System Properties are just like global variables in general.  If we need  a variable value that should be available system-wide then it is a best practice to put that value in a system property so that we can use that property where ever required. In addition to that any changes to system property values later  can be managed easily.

It’s always a good idea to be aware of the different properties in the Service Now instance and How they function. Business rules, UI actions, UI pages  and other scripts depend  on system property values.Using a system property instead of a hard-coded value in server-side scripts makes the system easier to maintain and gives you the flexibility to make changes to the system's behavior without reprogramming with system property values

Standard System properties consist of following

1. Name
2. Application
3. Description
4. Type
5. Value
6. Roles

 ==> All system properties in ServiceNow instance are stored in System Property
            [sys_properties] table




How to open sys_properties table:

1. Go to Application Navigation section
2. Type sys_properties.list in filter box, it will automatically opens up the sys_properties table
3. We can add custom in sys_properties table

Creating or Editing a Property:

Most of the system properties can be found in your left navigation under the ‘System Properties’ application as shown above. ALL of the properties in the system are stored in the ‘sys_properties’ table and can be viewed and edited there by typing ‘sys_properties.list’ into the left navigation filter.
You can add a property to your system simply by creating a new record in the ‘sys_properties’ table

1. Enter sys_properties.list in the navigation filter.
2. The entire list of properties in the System Properties [sys_properties] table appears. 
3. Verify the property that you want to create does not already exist.
4. Click New
5. Complete the form as follows (see table)
6. Click Submit.  



 System Properties v/s Properties page:

System Properties and Properties page both allows  users to add values to particular property, but the difference is properties page allows you to set values diffrent properties from single page where as in System Properties we make changes to diffrent property records.


 It’s great to be able to modify properties from the properties table, but it’s a lot more convenient to make the edit through a properties page. Properties pages are what you get when you click on a module under the ‘System Properties’ application in the left navigation of your Service-now instance.
Properties pages are really just a URL that pulls together one or more System Property Categories into a single UI page to be viewed. You can create or modify these categories by navigating to ‘System Properties->Categories’. Here’s what one of the properties categories looks like for the Email settings out-of-box…

Please refer to ServiceNow hosted video on System Sroperties

=========================================================================












 

Users can navigate to a record or module directly by using a URL. This article explains the URL schema by which the system generates pages.


Basic URL format:

Example: https://dev12552.service-now.com/

==> https://dev12552.service-now.com/   -----> base URL
==> dev12552                                          ------> Instance name                   
==> https://dev12552.service-now.com/  <====>  https://.service-now.com

======================================================================

Extended URL format:

Below URL generated by search for admin user operation. We will discuss about each component 
of URL

https://dev12552.service-now.com/sys_user_list.do?sysparm_query=user_nameSTARTSWITHadmin
==> https://dev12552.service-now.com/   -->  base URL
==> sys_user_list.do                                 -->  table name_list.do
==> sysparm_query=user_name               -->  sysparm_query=fieldname
==> STARTSWITH                                     -->  search operator
==> admin                                                  -->  search string


================================================================================

Few Examples: 

Note: Replace dev12552 with your ServiceNow instance name

1. Find All Active Incidents

https://dev12552.service-now.com/incident_list.do?sysparm_query=state%3D2

2. Find All Active Incidents Grouped by Category

https://dev12552.service-now.com/nav_to.do?uri=incident_list.do?sysparm_query=active=true^GROUPBYcategory

3. Export all active incidents to PDF

https://dev12552.service-now.com/nav_to.do?uri=incident_list.do?sysparm_query=active=true%26PDF

4. Export all priority 1 active incidents to CSV

https://dev12552.service-now.com/nav_to.do?uri=incident_list.do?sysparm_query=active=true^priority=1%26CSV

================================================================================

How to capture URL:

1. Construct your query in ServiceNow and Run the query

2. Right click on condition and Copy the URL


3. This URL is direct reference to the ServiceNow database

=======================================================================


 



 

The Salesforce.com Certified Administrator exam is intended for an individual who has experience performing as a Salesforce Administrator. Here are examples of the concepts you should understand to pass the exam:

Please find links to download SFDC Admin Exam dumps:

==> adm-201-practise-questions-1
==> adm-201-practise-questions-2
==> adm-201-practise-questions-3

Books: 

==> Salesforce Essentials for Administrators
==> Salesforce.com for Dummies
==> Practical Salesforce.com Development Without Code

It's always good to refer latest release notes before going to exam

And For additional reference you may want to refer below sites

http://www.oyecode.com/
http://www.jitendrazaa.com/blog/
http://cloudyworlds.blogspot.in/
http://saramorgan.net/category/visualforce-2/
http://www.sfdc99.com/
http://www.verticalcoder.com/

Please let me know if I can help you for anything

 

Glide:

ServiceNow company name used to be called as Glidesoft, Inc. incorporated in California. Glide name has been incorporated from previous company name.

GlideRecord is a special Java class (GlideRecord.java) that can be used in JavaScript exactly as if it was a native JavaScript class.


 Usage:

ServiceNow GlideRecord class is used for querying ServiceNow database to retrieve the one or more records

DB Operations Supported by Glide Record:

1. Update
2. Insert
3. Delete
4. Query
5. Get
6. Set
All 6 different DB operations are provided with multiple function/methods to achieve different use cases. In this post we will learn few examples
Use case 1:
List all incident record numbers in incident table

Where should we execute sample code: 

Before we execute the sample GlideRecord code snippet. We should provide security permission

1. Open ServiceNow UI and Click on LOCK icon on Banner section

 
 2. Tick security_admin option(This is required, because we are operating over DB records
 3. Click OK
 4. Open the coding PAD by appending URL shortcut to the URL(sys.scripts.do)


5. Write the sample code in Run script section and Click on Run button


Alternative Method How to find the Scripts - Background Utility

1. Login as an Admin User
2. Elevate your security privileges to security_admin. Click the Lock icon next your name on the title
    Bar
3. Click the security_admin checkbox and click ok. The Lock icon is now unlocked
4. Go to System Defintion > Scripts - Background.  The Scripts - Background Utility appears.

========================================================================



//Function definition
ListallIncident();

//Function Body
function ListallIncident() 
{
    var ListallIncident = new GlideRecord('incident'); ////Indicate the table to query from
    ListallIncident.query(); ////Execute the query
//Do something with the records returned
     while(ListallIncident.next()) //Operate over all incidents
     {
        gs.print('Incident Found: '+ListallIncident.number); //Print all incidents
     }
}













 


After enabling  Enabling External Authentication  and Configuration of  SAML 2 Single sign on plugin users will not be able to login to the ServiceNow instance by usual login URL(https://demo.service-now.com). Single sign on settings prevent users from logging into ServiceNow instance instance directly without ADFS login.

Checking Enabling External Authentication Status:





Workaround:

Instead of  using general login URL(https://demo.service-now.com),  Administrators can use the following URL to bypass external authentication and log in with a local ServiceNow user

URL: http://.service-now.com/side_door.do

In second post we have learned about, ServiceNow SAML 2.0 Settings and In this post we will discuss about ADFS Relying Party Configuration and ADFS Relying Party Claim Rules

ADFS Relying Party Configuration:

Now we take the Service-Now Metadata and import it into your ADFS server. However, manual configuration of the Relying partner appears to be easier to implement

1. Open the ADFS 2.0 Management console and select “Relying Party Trusts"
2. Select “add Relaying party Trust” from the top right corner of the window. The add wizard will   appear. Click on “Start” to begin
3. Select “Enter data about the relying party manually” and select “Next >”
4. Give it a display name such as “anyname” and enter any notes you wish finished by selecting “Next >”.
5. Select AD FS 2.0 Profile and click “Next >”.
6. Do not select anything and click "Next>"
7. Do not enable any settings on the “Configure URL” and press “Next >”.
8. Enter the Service-Now website you connect to as the Relying Party trust identifier. In this case use ‘https://companyname.service-now.com and click on “Add” and then click “Next >”.
9. Permit all users to access this relying party and select “Next >”.
10.Click “Next >” on the Ready to add page and uncheck “Open the Claims when this finishes” then close. You should now know see the Relying Party in the window.
11. Right click on the Relying Party trust and select “Properties”.
12. Browse to the “Endpoints tab” and add a “SAML Assertion Consumer” with a “Post” binding and a URL of https://companyname.service-now.com/navpage.do.


AD FS Relying Party Claim Rules:

Now is the time to edit the Claim rules in order to enable proper communication with Service-Now.

  1. Right click on the Relying Party and select “Edit Claim Rules…”
  2. On the Issuance Transform Rules tab select “Add Rules…”
  3. Select “Send LDAP Attribute as Claims” as the claim rule template to use and select “Next >”.
      Give the Claim a name such as “Get LDAP Attributes”. Attribute Store should be set to “Active  Directory” and LDAP Attribute should be “E-Mail-Addresses” and the Outgoing Claim Type should be NameID.
4. Click finish and Apply and OK

Add User to Active Directory:

1. Click start and Select Active Directory Users and Computers
2. Navigate to Users tab and Right click-->New-->User
3. Input FirstName and LastName and UserLogon Name(kiran@sample.com) 
4. Click Next and Input Password and Select Password never expires
5. Copy the user logon address
6. Click finish and Double click on User 
7. Past the copied Logon email address in email field
8. Apply and Click ok

Create a user in ServiceNow Instance:

1. Log on to your ServiceNow instance
2. Application Navigation->Systems and Security->Click Users 
3. Click on New button and Create a new user and Input email address copied earlier(kiran@sample.com)
4. Save

Testing:

1. Hit ADFS logon URL(https://your adfs domain/adfs/ls/idpinitiatedsignon.aspx)
2. Select your Relaying party and Proceed
3. Input ADFS user credentials and Proceed
4. You should be able to logon to ServiceNow

-------------------------------------------------------------------------------------------------------------------

  


     
 

 

 
In first post we have learned about collecting Federation Service Identifier and Export the “Token-Signing” certificate from microsoft's active directory federation server (adfs). In this post we will look at ServiceNow SAML 2.0 Settings

ServiceNow SAML 2.0 Settings:

1. Log into Service-Now with Admin privileges
2. Browse to “SAML 2 Single Sign On” and select Properties from application Navigator section

Note:
If SAML 2 is not listed, you will need to contact Service-Now from Hi portal to have it enabled 



3. The correct settings for this example explain below

Identity Provider properties:

#The Identity Provider URL which will issue the SAML2 security token with user info.
We have to place Identity Provider URL which collected earlier. Please refer article 1
Example: http://domain/adfs/services/trust

#The base URL to the Identity Provider's AuthnRequest service. The AuthnRequest will be posted to this URL as the SAMLRequest parameter

We have to place The base URL to the Identity Provider's
Example: ht/tp://domain/adfs/services/trust/ls

#Sign AuthnRequest.

Leave default

#The base URL to the Identity Provider's SingleLogoutRequest service. The LogoutRequest will be posted to this URL as the SAMLRequest parameter

Based on the URL specified logout request will be redirected
Example:Idp login(https://domain/adfs/ls/idpinitiatedsignon.aspx)
 
#The protocol binding for the Identity Provider's SingleLogoutRequest service. (Value can be either "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" or "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST".)

Leave default

#Sign LogoutRequest. Set this property to true if the Identity Provider's SingleLogoutRequest service requires signed LogoutRequest.

Leave default

#When SAML 2.0 single sign-on fails because the session is not authenticated, or this is the first login, redirect to this URL. This is the base URL where the initial SAML 2.0 AuthnRequest is sent using the SAMLRequest parameter

Leave default

#URL to redirect users after logout, typically back to the portal that enabled the SSO (e.g. http://portal.companya.com/logout)

Leave default
  

Service Provider (Service-Now) properties:

#The URL to the Service-now instance homepage.

This is Servicenow Login URL
Example:https://demo.service-now.com/navpage.do

#The entity identification, or the issuer

Example: https://demo.service-now.com

#The audience uri that accepts SAML2 token. (Normally, it is your instance URI

Example: https://demo.service-now.com

#The User table field to match with the Subject's NameID element in the SAMLResponse

This specifies the field in users table, that will be used to match the subject NameID in SAML assertion from Idp with ServiceNow user table
Example: email

#The NameID policy to use for returning the Subject's NameID in the SAMLResponse. Your SAML identity provider will have to support this by declaring the policy in its metadata. The NameID value is used to match with the specified field in the User table to lookup the user

Leave default 

#Create an AuthnContextClass request in the AuthnRequest statement.
This tells the IdP that ServiceNow requires that they present a specific login mechanism such as a form, Kerberos, etc. If the AuthnRequest doesn't specify an AuthnContextClass, the IdP will choose the most appropriate method.

Check Yes 

#The AuthnContextClassRef method that we will be included in our SAML 2.0 AuthnRequest to the Identity Provider

Leave Default

#The alias of key entry stored in SAML 2.0 SP Keystore used to sign SAML 2 requests.

Leave default

#The password of key entry stored in SAML 2.0 SP Keystore used to sign SAML 2 requests. 

Leave default

#Click SAVE

Certificate Settings: 

1. Select the  “Certificate” page from the application navigation. At the top right corner, 
2. Select the paper clip and attach the PEM certificate we created earlier. 




Sometimes the certificate’s fields such as Issue and Subject do not populate after selecting save and there may be an error on the top of the page. If this is the case, open the saves PEM formatted certificate in notepad and copy and paste the certificate in the “PEM Certificate:” field followed by clicking on “Update”. This page should have all the areas filled out.

------------------------------------------------------------------------------------------------------

In next post, we will discuss about  AD FS Relying Party Configuration and AD FS Relying Party Claim Rules
 
 



Service Provider:

A service provider (SP) is a company that provides organizations with enterprise class products like 
ServiceNow, Salesforce, Netsuite,etc.  Service can be storage, application, infra. 

SP  Initiated Single Sign On :

In this scenario a user attempts to access a protected resource directly on an SP Web site without being logged on 

Technical Flow:

In this scenario a user attempts to access a protected resource directly on an SP Web site without being logged on. The user does not have an account on the SP site, but does have a federated account managed by a third-party IdP. The SP sends an authentication request to the IdP. Both the request and the returned SAML assertion are sent through the user’s browser via HTTP POST


 1.The user requests access to a protected SP resource. The request is redirected to the federation server to handle authentication.
2.The federation server sends an HTML form back to the browser with a SAML request for authentication from the IdP. The HTML form is automatically posted to the IdP’s SSO service.
3.If the user is not already logged on to the IdP site or if re-authentication is required, the IdP asks for credentials (e.g., ID and password) and the user logs on.
4.Additional information about the user may be retrieved from the user data store for inclusion in the SAML response. (These attributes are predetermined as part of the federation agreement between the IdP and the SP—see About Attributes in the PingFederate Administrator’s Manual.)
5.The IdP’s SSO service returns an HTML form to the browser with a SAML response containing the authentication assertion and any additional attributes. The browser automatically posts the HTML form back to the SP.
NOTE:SAML specifications require that POST responses be digitally signed.
6.If the signature and assertion are valid, the SP establishes a session for the user and redirects the browser to the target resource.

In next post will discuss about Configuring AD FS 2.0 with ServiceNow SAML 2.0, stay tune

 









Identity Provider


 A system that creates, maintains, and manages identity information.

IdP (Identity Provider), is a system that creates, maintains, and manages identity information for principals (users, services, or systems) and provides principal authentication to other service providers (applications) within a federation or distributed network. It is a trusted third party that can be relied upon by users and servers when users and servers are establishing a dialog that must be authenticated. The IdP sends an attribute assertion containing trusted information about the user to the SP

We are going to use Identity Provider Initiated SSO in later article. Means User will Login from Outside(IDp) and will be redirected to ServiceNow/Salesforce. Identity Provider must follow Federated Authentication (SAML) standard

SAML stands for “Security Assertion Markup Language” and it is Open standard for exchanging Authentication and Authorization between Systems. SAML based authentication is supported both
ServiceNow/Salesforce

Idp  Initiated Single Sign On : 

In IDp Initiated SSO, User Directly logins to Identity provider/Idp redirects user to proper ServiceNow/Salesforce Instance with SAML assertion in request (Service Provider). If SAML assertion is valid then Salesforce validates that user successfuly.

Technical Flow: 

In this scenario, a user is logged on to the IdP and attempts to access a resource on a remote SP server. The SAML assertion is transported to the SP via HTTP POST.

 


Processing Steps:
    • A user has logged on to the IdP.
    • The user requests access to a protected SP resource. The user is not logged on to the SP site.
    • Optionally, the IdP retrieves attributes from the user data store.
    • The IdP’s SSO service returns an HTML form to the browser with a SAML response containing the authentication assertion and any additional attributes. The browser automatically posts the HTML form back to the SP.
    • NOTE:SAML specifications require that POST responses be digitally signed.
    • If the signature and assertion are valid, the SP establishes a session for the user and redirects the browser to the target resource.

       In next post we will discuss about, SP(ServiceProvides) and SP Initiated Single Sign On, stay tune


















      Hello Friends,

      In this series, We will be discussing about single sign on(SSO) and Types of SSO  and We will discuss about underlying architecture.

      Single Sign on(SSO):

      Single Sign On (SSO) is a process that allow a user to access multiple services by logging in or  authenticate only once. This involves authentication into all services the user has given permission to, after logging into a Identity provider(Ex: ADFS).

      The basic process of SSO is as follows:

      1. The first step is logging into the main service(Ex, Idp) 
      2. The user requests access to a protected SP(Salesforce, ServiceNow, etc) resource 
      3. Idp  verifies user authorization with the help of attributes from the user data store
      4. Based on that Idp generate SAML response containing the authentication assertion and any additional attributes
      5. Based on SAML response, Idp will redirect you to the protected service provider
      A good example of the use of SSO is in Google’s services. You need only be signed in to one primary Google account to access different services like YouTube, Gmail, Google+, Google Analytics, and more.

      Advantages of SSO:

      1. No need to manage large numbers of passwords. 
      2. A simpler sign-up and login process, which can also be good for conversions. 
      3. Reduced exposure to the risks of data loss. Users already trust the identity provider 
      4. etc 
        In next post we will discuss in detail about SAML, Idp, SP, stc. Stay tune




      Single Sign-On access to ServiceNow  the following configurations:

      1. Configurations in the ServiceNow  to accept secure communication from IdP.

      2. Configurations in Identity Provider to accept communication from the ServiceNow.

      Prerequisite:

      • ServiceNow Instance
      • SAML 2 Single sign on plugin
      • Microsoft's active directory federation server (adfs)(Idp)
      Note: SAML 2 Single sign on plugin is a on demand service , we have to put a request via " ServiceNow Hi"   portal to enable it. You will below configuration from ServiceNow application
      Navigation section


      SSO Configuration with ADFS Involves in Following Steps:

      • Get Federation Service Identifier
      • ServiceNow SAML 2.0 Settings
      • AD FS Relying Party Configuration
      • AD FS Relying Party Claim Rules
      • Testing the setup

       Get Federation Service Identifier and Export the “Token-Signing” certificate: 

       Get Federation Service Identifier:

      • Log into your ADFS 2.0 server and open the management console
      • Right click on Service and choose Edit Federation Service Properties 
      • Copy the Federation Service Identifier as that will be used to enter into the Service-Now SAML 2.0 configuration settings
      Note: Please update your local host entries if  Federation Service Identifier domain is not public

      Export the “Token-Signing” certificate: 


          1.Right click on Service and Double click on certificates
          2.Double click on Token-signing from certificate section
          3.Certificate wizard will open
          4.Click on the “Details” tab
          5.Click on “Copy to File…” The Certificate Export Wizard will launch. and Select “Next >”
          6.Ensure “No, do not export the private key” is select and press “Next >”
          7.Select “DER encoded binary X.509 (.cer)” and press “Next >”
          8.Select where you want to save the file and give it a name and press “Next >”.
          9.Finally, select “Finish”
       

        Note:

        Service-now requires that this certificate be in PEM format. You can convert this certificate using client tools or even online tools such as: SSL Shopper. Use the DER/Binary certificate we just created and export it to “Standard PEM” format.

        SSL Shopper:

            1.Login to https://www.sslshopper.com/ssl-converter.html
            2.Choose DER encoded binary X.509 (.cer)



         

            3.Select DER/Binary for Type of current certificate
            4.Select Standard PEM for Type To Convert To
            5.Copy the PEM to Text editor
          As of now, we have collected  Federation Service Identifier and Exported the “Token-Signing” certificate and Copied PEM.

          ----------------------------------------------------------------------------------------------------------------
           In next post will discuss about setting up ServiceNow SAML 2.0 Settings. Stay tune