We installed vRA7.5 and have Kingston ServiceNow. I've installed the 4.0 plugin for Kingston and went through basic configuration and client registration. I can also login through ServiceNow to get to vRA with the necessary redirect. When we execute the scheduled import items vRealize-Automation-AuthGenerator , vRealize-Automation-ImportCatalogItems , vRealize-Automation-ImportServicesAsCategories, etc. the vRA plugin logs indicate a login failure - Invalid username/password combo. I have verified I'm able to curl a bearer token and access the api resources on the vRA server inclusive of requesting catalog and submitting requests. We are not using the default vphere.local tenant so maybe that has something to do with it? Also, the tenant we're attempting to access has active directory integrated for authentication\authorization. We have a couple of vsphere.local accounts that are also administrators in this tenant.
One that I'm not sure should or should not be populated with data is the x_vmw_vmware_vrasp.vrasn.api.Auth.Token property in System Properties. I have not been able to get any value listed here when executing the AuthGenerator import. I've verified the user configured in basic configuration has been added into the appropriate business group as well. Should the api.Auth.Token property have a bearer token updated by one of these import tasks?
Exception caught inside VRASNAuthGenerator.updateAuthToken: JavaException: java.lang.SecurityException: Illegal access to package_private script include JSUtil: caller not in scope rhino.global
REST call error found inside VRASNImportCMDB.reconcileCMDB for pagination: Method failed: (/catalog-service/api/consumer/resources) with code: 401 - Invalid username/password combo
Issue resolved. The JSUtil script in servicenow was set to "accessible from: this application scope only" I updated this to all application scopes and the token was able to be generated.