Setup

This setup must be completed before running the setup utility on each MID Server. For more information, see Running the Setup Utility on Each MID Server.

Supported Credential Types

The following credential types are supported and can be validated as part of the integration:

  • Windows

  • JDBC

  • SSH

  • SSH PrivateKey

  • SNMPv3

  • SNMP Community

  • JMS

  • VMware

  • Active Directory Account

Step 1: Install the MID Server Plugin

To obtain the required setup utility and integration files, install the Delinea Credential Resolver plugin from the ServiceNow Store.

Option A: Installing the Integration Plugin via the ServiceNow Store

To install the plugin automatically:

  1. Sign in to your ServiceNow Store account.

  2. Search for Delinea Credential Resolver.

  3. Select Install.

  4. Follow the prompts to deploy the plugin into your ServiceNow instance.

This plugin contains both the platform-side resolver logic and the utility JAR archive used for MID Server setup.

Option B: Installing the Integration Plugin via Manual XML Import

To manually install via XML Import:

XML installation is mandatory starting from the Xanadu version when the application is not installed through the ServiceNow Store.

If you are unable to use the ServiceNow Store for installation or prefer a manual setup, you can import the necessary XML files into ServiceNow.

Download the most recent version of the integration from this location.

To import an XML file into ServiceNow using the Mid Server integration:

Unzip the downloaded file.

The extracted file should contain the following files:

  • DelineaCredentialResolver_xml.xml

  • DelineaCredentialResolver-<version number>.jar

  • DelineaMidServerSetupUtility.jar

  • Release Notes

Uploading the XML file will also install the required JAR files when performing a manual installation. If you are using any version before Xanadu, you may continue to install the application by simply adding the required JAR files and skipping the XML installation process.

Step 2: Locate and Extract the Setup Utility

After installing the plugin, locate the JAR archive deployed to the MID Server file system.

To extract the setup utility:

  1. On your MID Server host machine, navigate to the plugin’s installed directory:

    • <MID Server Root>\agent\extlib

  2. Locate the archive that includes:

    • DelineaCredentialResolver.jar

    • DelineaMidServerSetupUtility.jar

  3. Extract the archive using a ZIP utility.

  4. Move DelineaMidServerSetupUtility.jar to a known location for running in the next step.

Step 3 (Optional) Enable Grant File Mode

If you plan to use Grant File Mode, you must run a separate PowerShell script on the MID Server to generate the required oauth2_grant.json file.

The PowerShell script required for Grant File Mode is not included in the plugin or setup utility archive.

To use Grant File Mode, you must create or obtain one of the following Power Shell scripts:

  • refresh-oauth2.ps1 – uses direct REST API call to get a token

  • refresh-oauth2_useSDK.ps1 – uses the Delinea Secret Server SDK to get a token

These scripts are essential for generating the oauth2_grant.json file, which is used by the MID Server during credential resolution in Grant File Mode.

Additional Setup Notes for Grant File Mode

To enable Grant file mode using refresh-oauth2.ps1, use the following setup:

  1. Run the following PowerShell command to create a secure password file:

    2. 'replace-with-your-password' | ConvertTo-SecureString -AsPlainText -Force | Export-Clixml -Path C:\Delinea\passfile.XML

    Replace the placeholder with your actual password. This file will be used by refresh-oauth2.ps1 to fetch tokens securely.

  2. Create a PowerShell script named refresh-oauth2.ps1 with the following script:

    3. Copy 
    param(
        [string]$SecretServerUrl,
        [string]$User,
        [string]$PasswordFile,
        [string]$Path
    )
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    $password = Import-Clixml -Path $PasswordFile
    $plainTextPwd = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($password))

    $body = @{
        "grant_type" = "password"
        "username" = $User
        "password" = $plainTextPwd
    }

    $value = Invoke-RestMethod -Method POST -Uri "$SecretServerUrl/oauth2/token" -Body $body | Select-Object -Expandproperty access_token
    Set-Content -Path $Path -Encoding Ascii -Force -Value $value -NoNewline

  3. Create a run.bat file and add the following script inside it:

    Copy 
    -NoProfile -ExecutionPolicy Bypass -Command "C:\\Delinea\\refresh-oauth2.ps1 -Path C:\\ServiceNow\\prod\\agent\\oauth2_grant.json –SecretServerUrl
    'https://enterprisevault.com/SecretServer' -User midapp -PasswordFile
    'C:\\Delinea\\passfile.xml'

  4. Double-click the recently created run.bat file. This will securely create the oauth2_grant.json file used by the Delinea MID Server.

    1. Copy and paste the path of the oauth2_grant.json file.

      This is required when running Delinea Mid Server Setup Utility.

To enable Grant file mode using refresh-oauth2_useSDK.ps1, use the following setup:

  1. Create a refresh-oauth2_useSDK.ps1 file and copy the following script inside it:

    Copy 
    [cmdletbinding()]
    param(
    [string]\$Path,
    [string]\$SdkPath
    )
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    if (Test-Path \$SdkPath) {
    Set-Location \$SdkPath
    } else {
    throw "Unable to find SDK Path: \$SdkPath"}
    if (Test-Path '.\\tss.exe') {
    try {
    \$value = .\\tss.exe token
    } catch {
    throw "Unable to obtain token: \$(\$_.Exception.Message)"}
    }
    Set-Content -Path \$Path -Encoding Ascii -Force -Value \$value -NoNewline

  2. Download secretserver-sdk-1.5.9-win-x64. The sdk client can be downloaded as follows:

  3. Unzip the sdk file, open a Command Prompt and navigate to the directory where secretserver-sdk-1.x.x-win-x64 is located. Use the SDK to connect to Secret Server using the onboarding key.

  4. The rule name and onboarding key will be required. Go here to see how to create the SDK client rule.

  5. Create a run.bat file and add the following script inside it:

    6. Copy 
    -NoProfile -ExecutionPolicy Bypass -Command "C:\\Delinea\\refresh-oauth2_useSDK.ps1 -Path C:\\ServiceNow\\prod\\agent\\oauth2_grant.json -SdkPath C:\\Delinea\\secretserver-sdk-1.5.0-win-x64"
  6. Double-click the recently created run.bat file. This will securely create the oauth2_grant.json file used by the Delinea MID Server
refresh-oauth2.ps1— Fetches token via REST using a password file.
passfile.XML —Stores the encrypted password securely .
Run.bat —Triggers the PowerShell script.
refresh-oauth2_useSDK.ps1— Fetches token using the SDK and outputs JSON token.

Step 4: Run the Setup Utility on Each MID Server