Web proxy

Several ServiceNow properties support web proxy configuration.

Basic proxy setup

Use certain properties to manage connections to a ServiceNow instance through a proxy server.

Use the following properties to manage connections to a ServiceNow instance through a proxy server.

Note: Set these properties from the System Properties [sys_properties] table.
Table 1. Proxy setup properties
Property Description Examples
glide.http.proxy_host Specify the proxy server hostname or IP address.
  • Type: string
  • Default value: none
proxy.company.com, 192.168.34.54
glide.http.proxy_port Specify the port number for the proxy server.
  • Type: string
  • Default value: none
8080, 9100
glide.http.proxy_username Specify the username used to authenticate the proxy server.
  • Type: string
  • Default value: none
proxyuser
glide.http.proxy_password Specify the password used to authenticate the proxy server.
  • Type: string
  • Default value: none
password
glide.email.override.url Set the URL to use in emailed links in place of the instance URL. The URL should end with nav_to.do.
  • Type: string
  • Default value: instance URL
https://servicenow.customerdomain.com/production/nav_to.do

NTLM authentication

NTLM is the most complex of the authentication protocols supported by a basic web server.

NTLM is the most complex of the authentication protocols supported by a basic web server such as HttpClient. It is a proprietary protocol designed by Microsoft with no publicly available specification. Early versions of NTLM were less secure than Digest authentication due to faults in the design. However, these were fixed in a service pack for Windows NT 4 and the protocol is now considered more secure than Digest authentication.

NTLM authentication requires that an instance of NTCredentials be available for the domain name of the server or the default credentials. Since NTLM does not use the notion of realms, HttpClient uses the domain name of the server as the name of the realm. Also, the username provided to the NTCredentials should not be prefixed with the domain:
  • Correct: adrian
  • Incorrect: DOMAIN\adrian
There are some significant differences in the way NTLM works compared with basic and digest authentication. These differences are generally handled by HttpClient. However, having an understanding of these differences can help you avoid problems when using NTLM authentication.
  • NTLM authentication works almost exactly the same as any other form of authentication in terms of the HttpClient API. The only difference is that you need to supply NTCredentials instead of UsernamePasswordCredentials (NTCredentials actually extends UsernamePasswordCredentials so you can use NTCredentials right throughout your application, if needed).
  • The realm for NTLM authentication is the domain name of the computer being connected. This can be troublesome because servers often have multiple domain names. Only the domain name that HttpClient connects to, as specified by the HostConfiguration, is used to look up the credentials. While initially testing NTLM authentication, it is best to pass the realm in as null, which is used as the default.
  • NTLM authenticates a connection and not a request. So you need to authenticate every time a new connection is made and keeping the connection open during authentication is vital. For this reason, NTLM cannot be used to authenticate with both a proxy server and the web server, nor can NTLM be used with HTTP 1.0 connections or web servers that do not support HTTP keep-alives.
Note: Set these properties from the System Properties [sys_properties] table.
Table 2. NTLM authentication
Property Description Examples
glide.http.proxy_ntusername Specify the username used to authenticate the proxy server with NTLM authentication.
  • Type: string
  • Default value: none
username
glide.http.proxy_ntpassword Specify the password used to authenticate the proxy server with NTLM authentication.
  • Type: string
  • Default value: none
password
glide.http.proxy_nthost Specify the hostname used to authenticate the proxy server with NTLM authentication.
  • Type: string
  • Default value: none
nthost
glide.http.proxy_ntdomain Specify the domain used to authenticate the proxy server with NTLM authentication.
  • Type: string
  • Default value: none
DOMAIN

Proxy servers for SOAP clients

Administrators can specify separate proxy settings for SOAP clients, such as the MID Server or ODBC Driver.

To specify a proxy server for a MID Server, see MID Server Configuration. To specify a proxy server for the ODBC driver, see ODBC proxy configuration.

Bypass the proxy server

Administrators can configure ServiceNow to bypass the proxy server for specific URLs or URL patterns.

Typically, internal addresses do not need a proxy server for SOAP communications.

Table 3. Bypass the proxy server
Property Description Examples
glide.http.proxy_bypass_list Specify the semicolon-separated list of addresses that bypass the proxy server. Use an asterisk as a wildcard character to specify all or part of an address.
  • Type: string
  • Default value: none
  • Location: System Properties [sys_properties] table
127.0.0.1;*.internal.com;localhost