Integrating Mid Server Credential Resolver with ServiceNow

The Mid Server Credential Resolver integrates Delinea Secret Server or PAS with ServiceNow to enable secure credential resolution for discovery, scanning, and automation operations.

For details about supported MID Server Credential Resolver versions and which ServiceNow releases are compatible with it, see ServiceNow Release Integration Matrix.

Available integrations:

• Integrating Secret Server with MidServer Credential Resolver

• Integrating PAS with MidServer Credential Resolver

ServiceNow Plugins

The following plugins are available and must be activated on the ServiceNow instance:

• External Credential Storage Plugin: Enables ServiceNow to securely store and resolve credentials from Secret Server.

• Discovery Plugin: Enables ServiceNow to perform discovery operations on network infrastructure and resolve credentials using MidServer.

Setting Up Mid Server Credential Resolver Integration in ServiceNow

The Delinea Credential Resolver can integrate with ServiceNow automatically through the ServiceNow store or by manually importing XML files.

Automated Installation via ServiceNow Store

• Navigate to the following link on the ServiceNow Store for the most recent version of the plugin. Otherwise, search for the Delinea Credential Resolver integration in the ServiceNow Store.

• Install the integration from the store. This process should automatically install all required dependencies, including plugins for credential storage and discovery.

Manual Installation via XML Import

XML installation is mandatory starting from the Xanadu version when the application is not installed through the ServiceNow Store.

If you are unable to use the ServiceNow Store for installation or prefer a manual setup, you can import the necessary XML files into ServiceNow.

Download the most recent version of the integration from this location.

To import an XML file into ServiceNow using the Mid Server integration:

Unzip the downloaded file.

• The extracted file should contain the following files:

  • DelineaCredentialResolver_xml.xml

  • DelineaCredentialResolver-<version number>.jar

  • DelineaMidServerSetupUtility.jar

  • Release Notes

Uploading the XML file will also install the required JAR files when performing a manual installation. If you are using any version before Xanadu, you may continue to install the application by simply adding the required JAR files and skipping the XML installation process.

JAR File Installation

1. Go to the MID Server > JAR files and select New.

2. In the Name and Version fields, provide the details of the DelineaCredentialResolver.jar file accordingly.

3. In the Source field, provide the location of the file.

4. Select Submit or Update.

5. Restart the MID Server service.

Steps to Import an XML File

1. Log into ServiceNow.

2. Go to the All tab and select Retrieved Update Sets.

3. Select Import Update Set from XML.

4. Select the unzipped XML file and then select Upload.

5. After the import, the file is located under the Retrieved Update Set.

6. Open the uploaded file and select Preview Update Set.

   If you see an error after the preview, select it and then select the Accept the Remote Set option from the dropdown. Accepting those errors won’t affect the functionality of the integration.

7. The state is changed to Previewed.

8. Select Commit Update Set.

9. After a successful commit, the state changes to Committed, indicating that the integration’s installation is complete.

When the Credential Resolver installation is complete, proceed to configuring the appropriate product:

• Secret Server

• Privileged Access Service (PAS)

(Optional) Adding SSL Certificate to MidServer

Optionally, SSL certificates can be added to the MID Server for secure communication.

If the certificate for the site is published from an internal Active Directory Certificate Authority (CA) or an internal self-generated certificate, that certificate needs to be added to the MID Server Agent’s local Keystore for Java.

ServiceNow has documented the method for adding the certificate which can be found here.

The following steps are the additional details to the ServiceNow documentation.

1. Download your SSL certificate for PAS / Secret Server to the MID Server.

2. One way to get the certificate is to go to a PAS / Secret Server website.

3. Select the Site icon on the address bar.

4. Navigate to Certificate > Details > Copy to File > Export and save it in the following format Der-encoded binary (.cer).

5. Copy the certificate file to MidServer.

6. Go to MidServer, open a PowerShell prompt and set the location to the Java bin directory: <JavaDirectoryPath>\jre\bin.

7. Run the following command, replacing with your environment specifics:

   exe -import -alias -file -keystore

   Example:

   keytool -import -alias myAlias -file myCertificate.cer -keystore "C:\Program Files\Java\jre1.8.XXXX\lib\security\cacerts"

8. You will be prompted to provide the password for the Keystore. The password should have been changed within your environment. If not, the default password is change it.

9. You will be prompted to a screen that asks if you trust the self-signed certificate. Select Yes and the certificate will be imported into the trust store.

Once you have submitted and installed the integration through either the ServiceNow Store or manual import, your MID Servers should pull both the credential resolver and setup utility JAR files. To verify that the file has been downloaded, check the extlib directory within your agent’s root path.

Troubleshooting

To collect logs for ServiceNow Mid Server instances, follow these steps:

1. Create a Jar file by following these steps.

2. Check the Logs file of MID Server in case of failures. Logs are stored at <Mid Server installation path> / agent/log/.

3. Select the wrapper.log file to be shared.

4. Set the log file as 4.

5. Restart the service.

6. Verify the debug logs in the wrapper.log file.