Configure SOAP security

Administrators can configure web service security for inbound SOAP requests made to the ServiceNow instance.

Before you begin

Role required: admin

About this task

You can also set up web service security to use different certificates for different web service clients. By enabling web service security, you can prevent man-in-the-middle attacks.

Note: After you configure a WS-security profile or a security policy, validation is performed on all incoming SOAP requests, including from the MID Server or ODBC driver. Disable validation for these types of requests by marking the service accounts as internal integration users.

Procedure

  1. Upload a certificate to the instance.
  2. Create a WS-security profile.
  3. Create a security policy.
    Security policies define which WS-security profiles are used to evaluate a particular web service request. If no policy is defined, all WS-security profiles are used to evaluate all requests.
  4. Set the value of the property glide.soap.default_security_policy to the name of the new security policy.