Implementing JWT Authentication

This article looks at the JWT (JSON Web Token) and its importance in modern authentication, particularly for integrating external applications.

JWT simplifies and secures authentication, making it ideal for modern applications. JWTs carry a built-in expiration claim, giving easy control over token lifespan and enhancing security by automatically invalidating old tokens. They are also well suited to securing APIs: because a token can be passed in an HTTP header, it fits naturally into protecting stateless RESTful APIs. Overall, JWT provides a secure, scalable, and efficient way to handle authentication and authorization in modern applications.

Generating Certificate and Configuring JWT in ServiceNow

As part of my journey implementing JWT authentication in ServiceNow, one of the most critical tasks was generating a .jks certificate from the public/private key pair provided by an external application. Below is a detailed breakdown of the steps I followed, including the OpenSSL commands used and how the certificate was configured for ServiceNow.

1. Generating the .key File

I began by creating the RSA key in Sublime, based on the key pair provided by the external application. This key would be used as the foundation for generating the necessary certificate.

2. Creating the Certificate in OpenSSL

Using OpenSSL, I executed the following command to generate a certificate from the provided key:

openssl req -new -x509 -key <file-name>.key -out <certificate-name>.pem -days 1095

- This command generates a .pem certificate, which is valid for 1095 days (approximately 3 years).

- The key (`<file-name>.key`) provided by the external application is used as input to generate the certificate.

The result is a .pem certificate which, together with the private key, is used for signing the JWT tokens during authentication.

3. Converting the Certificate to PKCS#12 Format

Next, I converted the .pem certificate and key into a PKCS#12 file using the following command:

openssl pkcs12 -export -in <certificate-name>.pem -inkey <file-name>.key -certfile <certificate-name>.pem -out <PKCS-12-file-name>.p12

- PKCS#12 is a format used to bundle private keys with the corresponding public certificates.

- The command exports the .pem certificate and its private key into a .p12 file, which can then be converted to .jks format.

4. Converting PKCS#12 to .jks Format

With the .p12 file ready, I used the Java Keytool to convert it into a .jks file format, which is required for use in ServiceNow.

keytool -importkeystore -srckeystore <PKCS-12-file-name>.p12 -srcstoretype pkcs12 -destkeystore <JKS-certificate-filename>.jks -deststoretype JKS

- This command converts the .p12 file to the .jks format, creating a .jks certificate that can be attached in the ServiceNow JWT provider.

- You can set passwords and other keystore details during this process to secure the certificate further.

5. Uploading the .jks Certificate to ServiceNow

Once the .jks certificate was generated, the next step was to configure it in ServiceNow:

- Navigate to System OAuth > JWT Provider in ServiceNow.

- Attach the .jks file in the JWT provider configuration.

This allowed ServiceNow to authenticate users based on the JWT tokens signed with the RSA keys.

6. Using the JWT in ServiceNow Scripts

Finally, I used the JWT tokens in ServiceNow scripts to validate users and handle POST/PUT requests. This enabled secure data transfer between the external application and ServiceNow while ensuring that only authenticated users could perform actions on records.

What I Learned

Through this process, I learned several key concepts:

- Certificate Generation: I gained hands-on experience with OpenSSL and Java Keytool, understanding how to convert certificates between different formats and how each is used in real-world scenarios.

- JWT Configuration: I learned the importance of setting up the JWT provider correctly in ServiceNow and how to integrate the certificates to validate user tokens.

- Security Best Practices: Implementing this solution deepened my understanding of key security practices such as encrypting certificates and securely managing private keys for authentication.

This project gave me an opportunity to explore secure authentication mechanisms and apply them effectively within ServiceNow. I look forward to exploring more integrations and sharing my experiences!



nivetha arumugam

ServiceNow Associate | CSA | SIR | ITBM-PPM

1 month

It's very helpful, Mani.

Sanjay Bagri

ServiceNow Implementation Specialist || CSA || CIS-ITSM, Predictive Intelligence, PA, Flow Designer Micro Certified || Integration Specialist || CMDB Discovery, Service Portal || CSM.

1 month

Congratulations bro

Senthil kumar Mariappan

Director of Operations @ QBrainX Inc | Technology Pre-Sales Expert

1 month

Very informative, Mani, keep sharing your knowledge.
