Preparation for Basic Authentication
What you will need to prepare in advance of implementing the 1E Core application. Typically, these are tasks that may take some time to organize, depending on how your organization works. A more complete checklist of tasks is provided in the Requirements page.
Installing 1E
For information on installing 1E (on-premises), refer to Planning for 1E 8.1.
Disable 1E Two-factor Authentication
The 2FA feature must be disabled in 1E. The 1E 2FA feature prompts users for an authentication code for each instruction request, which is not supported by 1E. Selective use of the two-factor authentication feature for different 1E consumers is not currently available in 1E, therefore it must be completely disabled before 1E is used.
If you have not yet installed 1E, then do not enable the feature (it is disabled by default) when running 1E Setup.
If you have already installed 1E with 2FA enabled, then ask your 1E administrator to disable the feature by re-configuring the 1E Coordinator service.
Check your 1E license
For the 1E Core app to work with 1E, you need to have a suitable license with the ServiceNow consumer added to it. Without this, you will get authentication errors in the 1E Core application.
If you have not yet installed 1E, then you will need to obtain a 1E license file, and check it as follows:
-
Open your Tachyon.lic license file using Notepad.
-
Confirm the following exist in the features section (there will also be other consumers in this section):
-
Feature name="TachyonPlatform"
-
Consumer name="1EServiceNowCore" enable="on"
-
-
If it is not there, then you should contact support@1e.com to get an updated license file.
Copy<Feature name="TachyonPlatform">
...
<Consumer name="1EServiceNowCore" enable="on"> </Consumer>
...
</Feature>
If you have already installed 1E, check your license as follows:
-
Login to 1E as a Global Administrator, using the Settings app, and navigate to Configuration→License information page.
-
Check that a feature with the name ServiceNow-Integration exists there and whether it has 1EServiceNowCore consumer.
-
If it is not there, then you should contact support@1e.com to get your license enhanced.
-
If your 1E system has access to the 1E Licensing service via the Internet, then your license will be updated automatically.
Configuring 1E
The following are required after installing 1E.
Enable Basic Authentication
All access to 1E by third-party applications goes through 1E's Consumer API. To allow the ServiceNow proxy user account to access 1E, you must enable basic authentication on the Consumer API in IIS.
This is done in two steps:
-
Ensure that the Basic Authentication role is installed for IIS.
-
Enable Basic Authentication on the Consumer and Experience Analytics web applications in the 1E website.
For convenience, the following script is provided that ensures that the basic authentication role is installed, enabled and then applied to the 1E Consumer API:
Enable Basic Authentication using PowerShell
<# 1E Ltd Copyright 2022
Disclaimer:
Your use of this script is at your sole risk. This script is provided "as-is", without any warranty, whether express
or implied, of accuracy, completeness, fitness for a particular purpose, title or non-infringement, and is not
supported or guaranteed by 1E. 1E shall not be liable for any damages you may sustain by using this script, whether
direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.
#>
Import-Module ServerManager
Write-Host 'Install Basic Authentication'
Get-WindowsFeature | Out-file $PSScriptRoot\ServerManager-3.txt -Append
Install-WindowsFeature Web-Basic-Auth
Get-WindowsFeature | Out-file $PSScriptRoot\ServerManager-4.txt -Append
Write-Host ''
Write-Host 'Enable Basic Authentication'
Set-WebConfigurationProperty -filter "/system.webServer/security/authentication/BasicAuthentication" -name Enabled -value True -PSPath "IIS:\" -location "Tachyon/Consumer"
Set-WebConfigurationProperty -filter "/system.webServer/security/authentication/BasicAuthentication" -name Enabled -value True -PSPath "IIS:\" -location "Tachyon/Experience"
Write-Host 'Done'
If you prefer to run the steps by hand, they are:
-
Ensure that the Basic Authentication IIS role is installed on the server hosting the 1E website. If not, add the role to the server.
-
Open Internet Information Services (IIS) Manager.
You will need to do the following steps for both Consumer and Experience Analytics web applications. The following shows the steps for Consumer.
-
Before enabling Basic Authentication on the 1E Consumer site, you should confirm that it is configured to use HTTPS.
-
Navigate to the Sites→Tachyon→Consumer node.
-
Double-click on the SSL Settings feature.
-
-
Confirm that the Require SSL checkbox is checked.
-
Navigate back to the Sites→Tachyon→Consumernode.
-
Having checked that the site is configured to use HTTPS, we can now enable Basic Authentication.
-
Double-click the Authentication feature.
-
-
Right-click on Basic Authentication and select the Enable option from the context menu.
-
The Basic Authentication Status should now be displaying Enabled.
When you do this, an alert may appear that can safely be ignored.
Repeat the above steps for the Experience Analytics web application.
Add the ServiceNow consumer to 1E
The 1E Core application is a 1E consumer that interacts with 1E using the Rest services provided in the 1E API. The consumer for the 1E Core application is called 1EServiceNowCore, which must be added to 1E using the following steps after 1E is installed:
-
Login to Settings app using a 1E user account that has at least the following administrator rights:
-
Consumer Administrators role.
-
-
Navigate to Configuration→Consumers.
-
Click on the Add+ button.
-
The new consumer should be configured with the default values, except for the following:
Parameter |
Value |
---|---|
Name |
1EServiceNowCore |
Consumer URL |
This can be left blank. |
Maximum simultaneous instructions |
This number should be more than the number of simultaneous WSA upgrades you expect to do in your organization while not excessive for your environment. In a demonstration or test lab where you expect to have many incomplete WSA upgrades initiated, this number can be quite large (for example, 1000). |
Offload target URL |
This can be left blank. |
Offload timeout sections |
This can be left blank. |
Use Windows Authentication |
This must be checked. |
Enabled |
This must be checked. |
Editing the ServiceNow consumer workflow
The 1E consumer page does not allow you to specify the workflow for the 1E Core consumer. This must be done using SQL Server Management Studio. To do so:
-
Open SQL Server Management Studio and connect to the SQL instance that hosts the TachyonMaster database.
-
Open a New Query and paste the below SQL query - no edits are required.
-
Execute the SQL query and confirm the 1EServiceNowCore setting is changed from NULL to:
[{"ReferenceType":0,"InstructionWorkflow":[{"InstructionType":1,"Workflow":{"StateMachine":"State"}}]}]
-
Close SQL Server Management Studio.
SQL script to configure 1EServiceNowCore setting
/* Script to change TachyonMaster Consumer setting */
USE [TachyonMaster]
GO
DECLARE @setting nvarchar(max), @oldvalue nvarchar(max), @newvalue nvarchar(max)
SET @setting = '1EServiceNowCore'
SET @newvalue = '[{"ReferenceType":0,"InstructionWorkflow":[{"InstructionType":1,"Workflow":{"StateMachine":"State"}}]}]'
SET @oldvalue = (SELECT [Workflow] FROM [dbo].[Consumer] WHERE [Name]= @setting)
UPDATE [dbo].[Consumer] SET [Workflow]=@newvalue WHERE [Name]=@setting
SELECT @setting AS 'Setting', @oldvalue AS 'Before', [Workflow] AS 'After' FROM [dbo].[Consumer]
WHERE [Name]=@setting
GO