This article is based on the ServiceNow support article. See the original article on the ServiceNow support site: ServiceNow HI: Basic Auth: SOAP Requests.
Requires basic authorization for incoming SOAP requests.
| SOAP Request | |
|---|---|
| Property Name | glide.basicauth.required.soap |
| Configuration Type | System Properties (/sys_properties_list.do) |
| Purpose | To enforce soap requests authorization. |
| Requirement | Recommended |
| Recommended Value | True |
| Default Behavior | Set to true |
| Revertible behavior | N/A |
| Role required | Security_admin |
| Release Version | Summer 2008 |
| Functional Impact | (Medium) This remediation would enforce the combination of authentication in the form of Basic auth and system level access control while retrieving data from tables/pages in the form of SOAP data on the instance. If there are guest users currently accessing this data, they will be restricted, and customer will have to create a new account for the user who needs access to this content with necessary access control permissions, if applicable. For more information please visit the following product documentation page: https://docs.servicenow.com/bundle/kingston-servicenow-platform/page/integrate/inbound-soap/reference/r_SOAPRoles.html |
| Security Risk | High – Without appropriate authorization configured on the datasource SOAP requests, an unauthorized user can get access to sensitive content/data on the target instance.. |
| Workaround | No alternate method available. |
| References | https://docs.servicenow.com/bundle/kingston-servicenow-platform/page/integrate/inbound-soap/concept/c_BasicAuthentication.html |
How to configure #
- Navigate to /sys_properties_list.do
- Search for the property
- Assign the recommended value as shown in the screenshot > Click Update.
