http://youtu.be/hTo0YEQhiXA

The ServiceNow Dublin release includes a new enhancement around security protecting the WSDL resources on a ServiceNow instance. In the past, you had two options with regard to controlling who could view your WSDL documents. One, you could require a user to authenticate before they could see the WSDL. Two, you could allow anyone to see the WSDL document. All this was controlled by a simple checkbox in the web services security properties page.

ServiceNow-3

The Dublin release now allows you to protect your WSDL documents by requiring the soap or admin role as well as the requirement to authenticate to view the WSDL. Now, with this requirement, only those with Web services capabilities can see the WSDL documentation.

While this added level of security is great, it does make it a little bit more difficult for those who wish to allow unauthenticated access to their WSDL documents. Why would you ever want to do this? Some web service clients do not have the ability to authenticate during a WSDL query and thus are blocked from getting the WSDL. There are usually workarounds for this, but a lot of people are okay with public access to WSDL documentation because it only describes the web service rather than gives anyone access to use it.

With the Dublin release and beyond, if you wish to make your WSDL documents accessible without authentication, you will still need to uncheck the system property that requires authentication for WSDL access. In addition to this, you will need to go to the access control list and look up the access control record for the “WSDLProcessor”. Once you find this access control record, simply deactivate the ACL.

ServiceNow-2

For more information on this change, as well as a live demo of making a WSDL document public in Dublin, please see the video at the top of this blog post.