Security Guide for Siebel Business Applications


What's New in This Release


About Security for Siebel Business Applications

General Security Concepts

Industry Standards for Security

Siebel Security Architecture

User Authentication for Secure System Access

Security Adapter SDK

End-to-End Encryption for Data Confidentiality

Controlling Access to Data

Auditing for Data Continuity

Secure Physical Deployment to Prevent Intrusion

Security for Mobile Solutions

Security Settings for the Web Browser

Bibliography of Security References

Roadmap for Configuring Security


Changing or Adding Passwords

Changing Default Passwords

Changing System Administrator Passwords on Microsoft Windows

Changing the Siebel Administrator Password on UNIX

Changing the Table Owner (DBO) Password

Troubleshooting Password Changes By Checking for Failed Server Tasks

Adding a Password for Updating Web Server Static Files

Managing Encrypted Passwords in the eapps.cfg File

About Password Encryption


Physical Deployment and Auditing

About the Siebel Network

Firewall and Proxy Server Support

Role of Siebel Server Load Balancing in Networking Security

Port Numbers

Restricting Access

Auditing for Data Continuity

Securing Siebel Reports Server

Securing Communications Between the Siebel Web Client and Actuate Active Portal

Securing Communications Between the AOM and Actuate iServer

Securing Siebel Document Server


Communications and Data Encryption

Types of Encryption

Configuring Secure Communications

Configuring Encryption for Siebel Enterprise and SWSE

Configuring SSL Encryption for Siebel Enterprise or Siebel Server

Configuring SSL Encryption for SWSE

Configuring Encryption for Web Clients

Configuring Encryption for Mobile Web Client Synchronization

Configuring Data Encryption

Using Key Database Manager

Upgrade Issues for Data Encryption

Configuring Business Component Encryption

Encrypted Database Columns

Upgrading Encrypted Data to 56-bit RC2 Encryption

Security Considerations for Unicode Support


Security Adapter Authentication

About User Authentication

Comparison of Authentication Strategies

About Siebel Security Adapters

Configuring Database Authentication

About LDAP/ADSI Security Adapter Authentication

LDAP/ADSI Authentication Process

Requirements for LDAP/ADS Directory

Installing LDAP Client Software

Considerations for Secure LDAP Using SSL

Installing the IBM LDAP Client and GSKit on Windows

Installing the IBM LDAP Client and GSKit on Solaris

Installing the IBM LDAP Client and GSKit on AIX

Installing the IBM LDAP Client and GSKit on HP-UX

Installing and Configuring IBM GSK iKeyMan

Generating a CMS File Using IBM GSK iKeyMan

Implementing LDAP/ADSI Security Adapter Authentication

Using the LDAP/ADSI Configuration Utility

About Configuration for Developer Web Clients

Procedure for Configuring LDAP/ADSI Security Adapters

Setting Up Security Adapter Authentication: A Scenario

Creating a Database Login

Setting Up the LDAP/ADS Directory

Creating Users in the LDAP/ADS Directory

Adding User Records in the Siebel Database

Editing Parameters in the eapps.cfg File

Editing Parameters Using Siebel Server Manager

Editing Parameters in the Application Configuration File

Setting a System Preference for Developer Web Clients

Restarting Servers

Testing the LDAP/ADSI Authentication System

Configuring Password Hashing

Login Scenario for Password Hashing

Usage Guidelines for Password Hashing

Configuring User and Credentials Password Hashing

Running the Password Hashing Utility

Security Adapter Deployment Options

Configuring the Application User

Configuring Checksum Validation

Configuring Secure Communications for Security Adapter

Configuring the Shared Database Account

Configuring Adapter-Defined User Name

Configuring the Anonymous User

Configuring Roles Defined in Directory

Security Adapters and Siebel Developer Web Client

Authentication for Mobile Web Client Synchronization


Web Single Sign-On Authentication

About Web Single Sign-On

Implementing Web SSO Authentication

Setting Up Web SSO: A Scenario

Process of Implementing Web SSO

Creating Protected Virtual Directories

Creating a Database Login

Setting Up the Active Directory Server

Creating Users in the Directory

Adding User Records in the Siebel Database

Editing Parameters in the eapps.cfg File

Editing Name Server Parameters

Editing Parameters in the Application Configuration File

Restarting Servers

Testing Web SSO Authentication

Digital Certificate Authentication

User Specification Source


Security Features of Siebel Web Server Extension

Configuring Secure Views

Login Features

Cookies and Siebel Business Applications

Session Cookie

Auto-Login Credential Cookie

Siebel QuickStart Cookie

Enabling Cookies for Siebel Business Applications


User Administration

About User Registration

Configuring Anonymous Browsing

About Anonymous Browsing and Unregistered Users

Implementing Anonymous Browsing

Configuring Views for Anonymous Browsing or Explicit Login

About Self-Registration

Implementing Self-Registration

Modifying the Anonymous User Record

Setting Configuration Parameters for Self-Registration

Activating Workflow Processes for Self-Registration

Modifying Self-Registration Views and Workflows

Managing Duplicate Users

Managing Forgotten Passwords

User Experience for a Forgotten Password

Defining Password Length for System-Generated Passwords

Architecture for Forgotten Passwords

Modifying the Workflow Process for Forgotten Passwords

Modifying Workflow Process to Query Null Fields

Modifying Workflow Process to Request Different Identification Data

Internal Administration of Users

Adding a User to the Siebel Database

Adding a New Employee

Adding a New Partner User

Adding a New Contact User

Promoting a Contact to a Contact User

New Responsibility Field for User Record

Delegated Administration of Users

User Authentication Requirements for Delegated Administration

Access Considerations for Delegated Administration

Registering Contact Users—Delegated Administration

Registering Partner Users—Delegated Administration

Maintaining a User Profile

Editing Personal Information

Changing a Password

Changing the Active Position


Configuring Access Control

About Access Control

Access Control for Parties

Access Control for Data

Access Control Mechanisms

About Personal Access Control

About Position Access Control

About Single-Position Access Control

About Team (Multiple-Position) Access Control

About Manager Access Control

About Organization Access Control

About Single- and Multiple-Organization Access Control

About Suborganization Access Control

About All Access Control

About Access-Group Access Control

Planning for Access Control

Access Control and Business Environment Structure

Planning for Divisions

Planning for Organizations

Planning for Positions

Planning for Responsibilities

Implementing Access Control

Applications and Access Control

Setting Up Divisions, Organizations, and Positions

Responsibilities and Access Control

Business Component View Modes

Business Component View Mode Fields

Applet Access Control Properties

View Access Control Properties

Example of Flexible View Construction

Implementing Access-Group Access Control

Scenario That Applies Access-Group Access Control

The User's Experience

Administrative Tasks

Administering Catalogs of Data

Administering Positions, Organizations, Households, and User Lists

Administering Access Groups

Associating Access Groups with Data

Managing Tab Layouts Through Responsibilities

Administering Tab Layout

Assigning a Primary Responsibility

Exporting and Importing Tab Layouts

Managing Tasks Through Responsibilities

Administering Access Control for Business Services

Associating a Business Service with a Responsibility

Associating a Responsibility with a Business Service

Example of Associating a Responsibility with Business Service Methods

Clearing Cached Business Services

Disabling Access Control for Business Services

Clearing Cached Responsibilities

Additional Access Control Mechanisms

Configuring Visibility of Pop-Up and Pick Applets

Configuring Drilldown Visibility

Party Data Model

How Parties Relate to Each Other

Person (Contact) Data Model

User Data Model

Employee Data Model

Position Data Model

Account Data Model

Division Data Model

Organization Data Model

Partner Organization Data Model

Household Data Model

User List Data Model

Access Group Data Model


Troubleshooting Security Issues

User Authentication Issues

User Registration Issues

Access Control Issues


Configuration Parameters Related to Authentication

Parameters in the eapps.cfg File

Siebel Gateway Name Server Parameters

Siebel Application Configuration File Parameters

System Preference


Seed Data

Seed Employee

Seed Users

Seed Responsibilities

Seed Position and Organization

Seed Database Login


Addendum for Siebel Financial Services

Siebel Financial Services Applications

User Authentication for Siebel Financial Services

Registering and Administering Users for Siebel Financial Services

Seed Data

Unregistered Users and Anonymous Browsing

Self-Registration

Internal Administration of Users

External Administration of Users

Maintaining a User Profile

Basic Access Control for Siebel Financial Services

Access Control Mechanisms

Administering Access-Group Access Control

Configuration File Names for Siebel Financial Services Applications

Seed Data for Siebel Financial Services

Seed Users

Seed Responsibilities
