This article is based on the ServiceNow support article. See the original article on the ServiceNow support site: ServiceNow HI: Basic Auth: SOAP Requests.
Requires basic authorization for incoming SOAP requests.
|Configuration Type||System Properties (/sys_properties_list.do)|
|Purpose||To enforce soap requests authorization.|
|Default Behavior||Set to true|
|Release Version||Summer 2008|
(Medium) This remediation would enforce the combination of authentication in the form of Basic auth and system level access control while retrieving data from tables/pages in the form of SOAP data on the instance. If there are guest users currently accessing this data, they will be restricted, and customer will have to create a new account for the user who needs access to this content with necessary access control permissions, if applicable. For more information please visit the following product documentation page: https://docs.servicenow.com/bundle/kingston-servicenow-platform/page/integrate/inbound-soap/reference/r_SOAPRoles.html
High - Without appropriate authorization configured on the datasource SOAP requests, an unauthorized user can get access to sensitive content/data on the target instance..
|Workaround||No alternate method available.|
How to configure
- Navigate to /sys_properties_list.do
- Search for the property
- Assign the recommended value as shown in the screenshot > Click Update.